~nickbp/kapiti#21: 
Support OPT COOKIE option in client and server

RFC7873

  • Server: accept client COOKIE options and send back server cookies, cache the most recent server cookie returned by the server, if any. could try being strict with BADCOOKIE+cookie response when server cookie is missing from request?
  • Client: send client COOKIE options to servers, validate that returned client COOKIE in response is correct

Broken out from #1 since this involves additional client/server logic, whereas the other items in there are mainly just parsers

Status
REPORTED
Submitter
~nickbp
Assigned to
No-one
Submitted
4 months ago
Updated
4 months ago
Labels
Low Priority Security

~nickbp 4 months ago

This should be easier under the current structure (especially now that flatbuffers are finally gone) but this probably isn't that critical in terms of how many clients actually use or enforce this.

Register here or Log in to comment, or comment via email.