Re: _HttpOnly cookie prefix?

<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content="Search IETF mail list archives"> <title>Re: _HttpOnly cookie prefix?</title> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/fontawesome/css/all.css"> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/mlarchive/css/bootstrap_custom.css"> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/mlarchive/css/styles.css"> </head> <body>  <div id="container"> <header class="navbar navbar-expand-md navbar-dark fixed-top px-3 py-0"> <div class="container-fluid"> <a class="navbar-brand p-0" href="/"> <img alt="IETF Logo" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/images/ietflogo-small-transparent.png"> <span class="navbar-text d-none d-md-inline-block"> Mail Archive </span> </a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbar-main" aria-controls="navbar-main" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div id="navbar-main" class="navbar-header collapse navbar-collapse"> <ul class="navbar-nav ms-auto"> <li class="nav-item d-none d-lg-inline"> <a class="nav-link" href="https://www.ietf.org/search/">Search www.ietf.org</a> </li> <li class="nav-item d-none d-lg-inline"> <a class="nav-link" href="https://datatracker.ietf.org">Search Datatracker</a> </li> <li class="nav-item d-none d-lg-inline navbar-text pipe"></li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbar-help" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Help</a> <div class="dropdown-menu" aria-labelledby="navbar-help"> <a class="dropdown-item" href="/arch/help/">Search Syntax</a> <a class="dropdown-item" href="/docs/api-reference/">API Reference</a> </div> </li> <li class="nav-item dropdown me-2"> <a id="nav-settings-anchor" class="nav-link dropdown-toggle" href="#" id="navbar-settings" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Settings</a> <ul class="dropdown-menu" aria-labelledby="navbar-settings"> <li><a id="toggle-static" class="dropdown-item" href="#">Turn Static Mode On</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link" href="/oidc/authenticate/" rel="nofollow">Sign in</a> </li> </ul> </div>  </div>  </header>    <div id="content"> <div class="container-fluid"> <nav class="navbar navbar-expand-md navbar-light bg-light rounded shadow-sm navbar-msg-detail my-2"> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#id-navbar-top" aria-expanded="false"> <span class="navbar-toggler-icon"></span> </button>  <div class="collapse navbar-collapse navbar-detail px-5" id="id-navbar-top"> <ul class="navbar-nav"> <li class="nav-item" title="Previous by date"> <a class="nav-link previous-in-list" href="/arch/msg/httpbisa/cJoVypugczpT2Qx-rujmqNPr6ck/" aria-label="previous in list"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Date Index"> <a class="nav-link date-index" href="/arch/browse/httpbisa/?index=mnQn4l7N8ylM5XUXlqsl1Z44-pk">Date</a> </li> <li class="nav-item" title="Next by date"> <a class="nav-link next-in-list" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/" aria-label="next in list"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Previous in thread"> <a class="nav-link previous-in-thread" href="/arch/msg/httpbisa/VDuzwKjittxEAbz9pMErKHus7m8/" aria-label="previous in thread"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Thread Index"> <a class="nav-link thread-index" href="/arch/browse/httpbisa/?gbt=1&index=mnQn4l7N8ylM5XUXlqsl1Z44-pk">Thread</a> </li> <li class="nav-item" title="Next in thread"> <a class="nav-link next-in-thread" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/" aria-label="next in thread"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> </ul> <ul class="nav navbar-nav navbar-right"> </ul> </div> </nav> <div class="row"> <div class="msg-detail col-md-8 pt-3" data-static-date-index-url="/arch/browse/static/httpbisa/2025-02/#mnQn4l7N8ylM5XUXlqsl1Z44-pk" data-static-thread-index-url="/arch/browse/static/httpbisa/thread/2025-02/#mnQn4l7N8ylM5XUXlqsl1Z44-pk" data-date-index-url="/arch/browse/httpbisa/?index=mnQn4l7N8ylM5XUXlqsl1Z44-pk" data-thread-index-url="/arch/browse/httpbisa/?gbt=1&index=mnQn4l7N8ylM5XUXlqsl1Z44-pk"> <div id="msg-body" data-message-url="https://mailarchive.ietf.org/arch/msg/httpbisa/mnQn4l7N8ylM5XUXlqsl1Z44-pk/"> <div id="message-links"> <a href="mailto:ietf-http-wg@w3.org?subject=Re: _HttpOnly cookie prefix?" class="reply-link" title="Reply"><i class="fas fa-reply fa-lg"></i></a> <a href="/arch/msg/httpbisa/mnQn4l7N8ylM5XUXlqsl1Z44-pk/download/" class="download-link" title="Message Download"><i class="fa fa-download fa-lg"></i></a> <a href="https://mailarchive.ietf.org/arch/msg/httpbisa/mnQn4l7N8ylM5XUXlqsl1Z44-pk/" class="detail-link" title="Message Detail"><i class="fa fa-link fa-lg"></i></a> </div> <h3>Re: _HttpOnly cookie prefix?</h3> <p id="msg-info" class="msg-header"> <span id="msg-from" class="pipe">Daniel Veditz <dveditz@mozilla.com></span> <span id="msg-date" class="pipe">Wed, 19 February 2025 21:46 UTC</span> </p> <div id="msg-header" class="msg-header"> <p> Received: by ietfa.amsl.com (Postfix) id BC7D3C1DC808; Wed, 19 Feb 2025 13:46:58 -0800 (PST)<br /> Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com<br /> Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB123C14F695 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Feb 2025 13:46:58 -0800 (PST)<br /> X-Virus-Scanned: amavisd-new at amsl.com<br /> X-Spam-Flag: NO<br /> X-Spam-Score: -2.861<br /> X-Spam-Level: <br /> X-Spam-Status: No, score=-2.861 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no<br /> Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="LpYeE/l8"; dkim=pass (2048-bit key) header.d=w3.org header.b="CA23My72"; dkim=pass (1024-bit key) header.d=mozilla.com header.b="CLWgN+nI"<br /> Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OcCJ2PyFp7Ag for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Feb 2025 13:46:58 -0800 (PST)<br /> Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E04C1CAE98 for <httpbisa-archive-bis2Juki@ietf.org>; Wed, 19 Feb 2025 13:46:58 -0800 (PST)<br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=Sf7iwq0Buqo8ZTq8q/WagaC6Qh7SdG+hc8jOG7vFcjw=; b=LpYeE/l8F9P7WffW6+osNs/wwP lnvMWVWs/bM9L35NR14sImNjiASE4VIikFFDpTRY+qAkOOgq2CVXfGu0VaR5owvexxpN7O3vLhu2S WdLnR8j97LhsnsilvNR1wLU3eNKs5dcBgyjgTiT+Ma2Ycp/2xsg2r11kQEZFrxZFJfAEZmbd95/Fm WdjucHAgzYlIiXn7nqsZnNnqnmTcPlTrjpDpcuMuXUPJMd+2/Zd6I5d43eep+U6xK/2N7bmXMO09h ac1wwCK3SmhbAj+Z/OpYMkPke1rp1MZIg6qFc6NS80IJxp43WP/N+ZL4hz7cYbzSs4T/XPV/5wDwi 5SZzqeUw==;<br /> Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1tkrtY-001Nuz-0j for ietf-http-wg-dist@listhub.w3.org; Wed, 19 Feb 2025 21:46:16 +0000<br /> Resent-Date: Wed, 19 Feb 2025 21:46:16 +0000<br /> Resent-Message-Id: <E1tkrtY-001Nuz-0j@mab.w3.org><br /> Received: from ip-10-0-0-144.ec2.internal ([10.0.0.144] helo=pan.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <dveditz@mozilla.com>) id 1tkrtW-001Nu0-2O for ietf-http-wg@listhub.w3.internal; Wed, 19 Feb 2025 21:46:14 +0000<br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=Sf7iwq0Buqo8ZTq8q/WagaC6Qh7SdG+hc8jOG7vFcjw=; t=1740001574; x=1740865574; b=CA23My72UbolgF9K7kxGznYIvPFBSeKbepB/KbcLFNyNmUjqzCVn0ntI6vEGfJJ21zCuJwsSjbd g9WxHvP07Zucj4lqnHzkGEXXJsYVXQWSubS4yWcz3xHnb6t8LaBHC4WTuZXNjw43uZODRlLYvosN4 EKmdDR7RyOazcNtcY9fbBO3rOJ8dWG3Ak9Tnz/KWIek8mz/OA9/JG8EfpxwpGXVxdm8e81phKYiVn UHeswcaDuER0pX8XZnmQfAPR7goCnPtoKwzjir+ngodxJIOq9JPcdKG47QdRJAde4dAC6/GKgbWLm C1E5kE+hkjwoYfNGnbwHAqxiCMCsTFftxmTQ==;<br /> Received-SPF: pass (pan.w3.org: domain of mozilla.com designates 2607:f8b0:4864:20::f29 as permitted sender) client-ip=2607:f8b0:4864:20::f29; envelope-from=dveditz@mozilla.com; helo=mail-qv1-xf29.google.com;<br /> Received: from mail-qv1-xf29.google.com ([2607:f8b0:4864:20::f29]) by pan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <dveditz@mozilla.com>) id 1tkrtW-00Gwki-08 for ietf-http-wg@w3.org; Wed, 19 Feb 2025 21:46:14 +0000<br /> Received: by mail-qv1-xf29.google.com with SMTP id 6a1803df08f44-6dd420f82e2so2747076d6.1 for <ietf-http-wg@w3.org>; Wed, 19 Feb 2025 13:46:13 -0800 (PST)<br /> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; t=1740001570; x=1740606370; darn=w3.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Sf7iwq0Buqo8ZTq8q/WagaC6Qh7SdG+hc8jOG7vFcjw=; b=CLWgN+nIpnzqapDeu7mU07FFzRWBgEz99sgev9HG/NRlJN3Wku2GLRwHEX4iPenLkT /55VsZvp75OZqbD5AELvhuHrUqJn/uWyTKejabNTnYzrrXDwL1weJWQZs48jXObl3m22 fiOIUwZgPX2Ru1Jr45jzhQnucc6PpcJRYBdKE=<br /> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740001570; x=1740606370; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Sf7iwq0Buqo8ZTq8q/WagaC6Qh7SdG+hc8jOG7vFcjw=; b=dIDZqRUpbx9n/vYhaj8u70ibU0IlcqKF/zr/JD7o8pUGqes1Zf2pfKRocM82j/e/Q5 Dtx1yHCPjLRVs98QEkqsHTW+K9CUPO1uTqlYZCsqoPqcs7/P4WL0u/P1qiZX2wUm39tw 1hXp2qZWIUSfnf9vr6+Obp85f+Jc/l/ylFamfJGhgG06alIhonqNB7MAcIDGVJwx4rtP 5b9EmFTRsLqLtacc0kb/W4MR9uRiNjWFm2HrZEbVAoBPULQ+gBQx2vHygyseszkfNOWR P/ZkUmtdo8WjxtcQUrTUcYHm12dCgylFDhkAqL/6b5AxMOlmXTvTJXTr8MEumrgjCj1w crrA==<br /> X-Forwarded-Encrypted: i=1; AJvYcCUfWHLugTX+ODtdqbecZ4ud3aMPPTlw2lVTfBWCj2IAEmYrJDZX8T7E/ia5aRet1QO5fg1yoGmhgnim1k8=@w3.org<br /> X-Gm-Message-State: AOJu0YyetFQ+hJM6Rz0DDHb+h0703h8OKyyKhBZImPzKOgchrgeJQaNw 3a7av9tpGmdtjktoByEJSwuPpGX+JWwFeeZHRQN6nEuskzfvom1dAL/lEjdxk8EbU4UbODJavZH 3s2q2hftoPq6wvFCN4gD+Lxbw7FmJcdDx7HAq<br /> X-Gm-Gg: ASbGnctm3fAXxQyWBZEeqYBB8HRR8O8OZPmjTs65tI7be2L6Xb9bCfefa6xCQnCBxNE zMl8K1tlpkOgwizRnz96VrAW9a431cA9d9ghVhi2ke4/DKOD91OaSqZApN0trGKSs7qApp+0bBO kMmysHZwkdJLpzHTMQ4xch183KrA==<br /> X-Google-Smtp-Source: AGHT+IH3pB7AQDZsVMreS0dZyyX610fOsKU02kNZhp4heczXLabj95Hw+7rySg077rMzZaMyeS+xkBmb7oue5Y3cmk8=<br /> X-Received: by 2002:a05:6214:627:b0:6e4:2d6d:5394 with SMTP id 6a1803df08f44-6e66ccf197emr293393746d6.28.1740001570641; Wed, 19 Feb 2025 13:46:10 -0800 (PST)<br /> MIME-Version: 1.0<br /> References: <CALYmMadk67jcc9y5aP26QFFy5oo7e+qNspL8qv-jF62AhN8UBg@mail.gmail.com> <CADnb78gU2m8nHGY6amj2Lg0e3OLDuBmp8AgrykRjs8b3_31DTA@mail.gmail.com> <CAEmMwDz4YXKbFMMKmYwiNtP17DJf35XvnnLatkQ=CKGUf-pM3w@mail.gmail.com> <CADYDTCD9zqJkeP=7vrQPRgCxrFv5+px_LunbOPNsxLNNRK25Xg@mail.gmail.com> <CAEmMwDxZkxC5sLfPBN+wpHQsb-TFaRd7Q71hXamtmEFfZ1KuHw@mail.gmail.com> <CAD_OO4iapULm6+HkXMrPMeYLNXHs2oagghOXtEYjvy2REcq+dA@mail.gmail.com><br /> In-Reply-To: <CAD_OO4iapULm6+HkXMrPMeYLNXHs2oagghOXtEYjvy2REcq+dA@mail.gmail.com><br /> From: Daniel Veditz <dveditz@mozilla.com><br /> Date: Wed, 19 Feb 2025 13:45:44 -0800<br /> X-Gm-Features: AWEUYZlK4P9dWEmh23e14SkFIQfrlDSxV4cyrittsVPnn3I5OafT_I8TjptX-AQ<br /> Message-ID: <CADYDTCBztCgA5m3bsveFvgyc4qZFHjnk1C81uF544T2KboVc-w@mail.gmail.com><br /> To: Johann Hofmann <johannhof@google.com><br /> Cc: Rory Hewitt <rory.hewitt@gmail.com>, Anne van Kesteren <annevk@annevk.nl>, Yoav Weiss <yoav.weiss@shopify.com>, HTTP Working Group <ietf-http-wg@w3.org>, Matt Metzger <matthew.metzger@shopify.com><br /> Content-Type: text/plain; charset="UTF-8"<br /> Content-Transfer-Encoding: quoted-printable<br /> X-W3C-Hub-DKIM-Status: validation passed: (address=dveditz@mozilla.com domain=mozilla.com), signature is good<br /> X-W3C-Hub-Spam-Status: No, score=-9.1<br /> X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1<br /> X-W3C-Scan-Sig: pan.w3.org 1tkrtW-00Gwki-08 2359743fdf43c97b80e419d034ebe5f3<br /> X-Original-To: ietf-http-wg@w3.org<br /> Subject: Re: _HttpOnly cookie prefix?<br /> Archived-At: <https://www.w3.org/mid/CADYDTCBztCgA5m3bsveFvgyc4qZFHjnk1C81uF544T2KboVc-w@mail.gmail.com><br /> Resent-From: ietf-http-wg@w3.org<br /> X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52839<br /> X-Loop: ietf-http-wg@w3.org<br /> Resent-Sender: ietf-http-wg-request@w3.org<br /> Precedence: list<br /> List-Id: <ietf-http-wg.w3.org><br /> List-Help: <https://www.w3.org/email/><br /> List-Post: <mailto:ietf-http-wg@w3.org><br /> List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe><br /> </p> </div> <div class="msg-payload"> <pre class="wordwrap">On Wed, Feb 19, 2025 at 1:10鈥疨M Johann Hofmann <a href="mailto:&lt;johannhof@google.com&gt;"><johannhof@google.com></a> wrote: > I agree that some conversation should be had about the overall approach > of piling on __Prefixes and whether there's some better alternative The pitfalls of not returning cookie attributes was already recognized as a problem that RFC 2109 tried to solve in 1997 (and later RFC 2965). I assume backwards compatibility and randomly broken sites discouraged adoption (the death match between Netscape Navigator and MS IE couldn't have helped--cookies weren't a competitive feature). Prefixes are transparent to all the old client and server software so they can safely be adopted by a web application at their own pace. But they are a hack and can't be easily extended to cover arbitrary attributes. </pre> </div> <div> </div> </div>  <div id="message-thread"> <ul class="thread-snippet"> <li class="depth-0"><a href="/arch/msg/httpbisa/D0aIS1ZOfgROhcELGJZY7nIRgM8/">_HttpOnly cookie prefix?</a>  Yoav Weiss</li> <li class="depth-1"><a href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/">Re: _HttpOnly cookie prefix?</a>  Anne van Kesteren</li> <li class="depth-2"><a href="/arch/msg/httpbisa/ldNxStQYe89YC4lXk8P47RHzWEM/">Re: _HttpOnly cookie prefix?</a>  Rory Hewitt</li> <li class="depth-3"><a href="/arch/msg/httpbisa/d7A-XrfolXG3HBdA9rTUeZzSe5M/">Re: _HttpOnly cookie prefix?</a>  Daniel Veditz</li> <li class="depth-2"><a href="/arch/msg/httpbisa/8oR053SZZeciHgtDhagkSwHhKyg/">Re: _HttpOnly cookie prefix?</a>  Daniel Veditz</li> <li class="depth-4"><a href="/arch/msg/httpbisa/L4NowRhK0teihe7HqtBixdlFxCA/">Re: _HttpOnly cookie prefix?</a>  Rory Hewitt</li> <li class="depth-5"><a href="/arch/msg/httpbisa/VDuzwKjittxEAbz9pMErKHus7m8/">Re: _HttpOnly cookie prefix?</a>  Johann Hofmann</li> <li class="depth-5"><a href="/arch/msg/httpbisa/cJoVypugczpT2Qx-rujmqNPr6ck/">Re: _HttpOnly cookie prefix?</a>  Daniel Veditz</li> <li class="depth-6 current-msg"><a href="/arch/msg/httpbisa/mnQn4l7N8ylM5XUXlqsl1Z44-pk/">Re: _HttpOnly cookie prefix?</a>  Daniel Veditz</li> <li class="depth-6"><a href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/">Re: _HttpOnly cookie prefix?</a>  Rory Hewitt</li> <li class="depth-4"><a href="/arch/msg/httpbisa/nWeh0lh3TFVdeiW3J-3QAf0ZyOE/">Re: _HttpOnly cookie prefix?</a>  Yoav Weiss</li> <li class="depth-2"><a href="/arch/msg/httpbisa/LuzxwMj6ld1j9vjsWm20vpvJg-U/">Re: _HttpOnly cookie prefix?</a>  Yoav Weiss</li> <li class="depth-3"><a href="/arch/msg/httpbisa/JvR1KXjBCl6sw61J8hjfk7rbEtc/">Re: _HttpOnly cookie prefix?</a>  Yoav Weiss</li> </ul> </div>  <div class="d-flex justify-content-center"> <ul id="navigation" class="list-inline"> <li class="list-inline-item"> <a id="toggle-nav" class="toggle js-off" href="#">Hide Navigation Bar</a> </li> </ul> </div> </div>  <div class="msg-aside col-md-4"></div> </div>  <div class="btn-toolbar msg-detail-toolbar" role="toolbar" aria-label="..."> <div class="btn-group" role="group" aria-label="..."> <a class="btn btn-default" href="/arch/msg/httpbisa/cJoVypugczpT2Qx-rujmqNPr6ck/"> <i class="fa fa-chevron-left" aria-hidden="true"></i> </a> <a class="btn btn-default" href="">Date</a> <a class="btn btn-default" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/"> <i class="fa fa-chevron-right" aria-hidden="true"></i> </a> </div> <div class="btn-group" role="group" aria-label="..."> <a class="btn btn-default" href="/arch/msg/httpbisa/VDuzwKjittxEAbz9pMErKHus7m8/"> <i class="fa fa-chevron-left" aria-hidden="true"></i> </a> <a class="btn btn-default" href="">Thread</a> <a class="btn btn-default" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/"> <i class="fa fa-chevron-right" aria-hidden="true"></i> </a> </div> </div> <nav class="navbar navbar-expand-md navbar-light bg-light rounded shadow-sm navbar-msg-detail my-2"> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#id-navbar-bottom" aria-expanded="false"> <span class="navbar-toggler-icon"></span> </button>  <div class="collapse navbar-collapse navbar-detail px-5" id="id-navbar-bottom"> <ul class="navbar-nav"> <li class="nav-item" title="Previous by date"> <a class="nav-link previous-in-list" href="/arch/msg/httpbisa/cJoVypugczpT2Qx-rujmqNPr6ck/" aria-label="previous in list"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Date Index"> <a class="nav-link date-index" href="/arch/browse/httpbisa/?index=mnQn4l7N8ylM5XUXlqsl1Z44-pk">Date</a> </li> <li class="nav-item" title="Next by date"> <a class="nav-link next-in-list" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/" aria-label="next in list"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Previous in thread"> <a class="nav-link previous-in-thread" href="/arch/msg/httpbisa/VDuzwKjittxEAbz9pMErKHus7m8/" aria-label="previous in thread"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Thread Index"> <a class="nav-link thread-index" href="/arch/browse/httpbisa/?gbt=1&index=mnQn4l7N8ylM5XUXlqsl1Z44-pk">Thread</a> </li> <li class="nav-item" title="Next in thread"> <a class="nav-link next-in-thread" href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/" aria-label="next in thread"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> </ul> <ul class="nav navbar-nav navbar-right"> </ul> </div> </nav> </div> </div>  <div class="footer scrolling"> <p class="small text-center">v2.29.0 | <a href="https://github.com/ietf-tools/mailarch/issues">Report a Bug</a> | <a href="mailto:tools-help@ietf.org">By Email</a> | <a href="https://status.ietf.org">System Status</a></p> </div> </div>  <script src="https://static.ietf.org/mailarchive/2.29.0/jquery/js/jquery-3.6.0.min.js" crossorigin="anonymous"></script> <script src="https://static.ietf.org/mailarchive/2.29.0/bootstrap-5.1.1-dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/jquery.cookie/jquery.cookie.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/js/base.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/jquery.cookie/jquery.cookie.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/js/detail.js"></script>  <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'915785dc9a00fd25',t:'MTc0MDE0OTE1NS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body> </html>

CINXE.COM

Re: _HttpOnly cookie prefix?