HTTPbis E. Wright Internet-Draft Shopify Updates: 6265 (if approved) S. Huang Intended status: Standards Track M. West Expires: September 4, 2016 Google, Inc March 3, 2016 A Retention Priority Attribute for HTTP Cookies draft-west-cookie-priority-00 Abstract This document defines the "Priority" attribute for HTTP cookies. This attribute allows servers to specify a retention priority for HTTP cookies that will be respected by user agents during cookie eviction. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 4, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Wright, et al. Expires September 4, 2016 [Page 1] Internet-Draft cookie-priority March 2016 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology and notation . . . . . . . . . . . . . . . . . . 2 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Examples . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Server Requirements . . . . . . . . . . . . . . . . . . . . . 4 4.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.2. Semantics (Non-Normative) . . . . . . . . . . . . . . . . 5 4.3. The 'Priority' Attribute . . . . . . . . . . . . . . . . 5 5. User Agent Requirements . . . . . . . . . . . . . . . . . . . 5 5.1. The 'Priority' Attribute . . . . . . . . . . . . . . . . 5 5.2. Storage Model . . . . . . . . . . . . . . . . . . . . . . 5 6. Implementation Considerations . . . . . . . . . . . . . . . . 6 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . 7 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction This document defines the "Priority" attribute for HTTP cookies. Using the "Priority" attribute, servers may indicate that certain cookies should be protected, and others preferentially deleted. When a user agent evicts cookies in the enforcement of a per-domain quota, lower priority cookies will be deleted first, potentially preserving higher-priority cookies that would otherwise have been deleted according to the rules of [RFC6265]. 2. Terminology and notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This specification uses the Augmented Backus-Naur Form (ABNF) notation of [RFC5234]. Two sequences of octets are said to case-insensitively match each other if and only if they are equivalent under the "i;ascii-casemap" collation defined in [RFC4790]. Wright, et al. Expires September 4, 2016 [Page 2] Internet-Draft cookie-priority March 2016 3. Overview This section outlines a way for an origin server to indicate the retention priority for individual cookies and for the user agent to respect retention priorities during cookie eviction. To indicate a cookie's retention priority, the origin server includes a "Priority" attribute in the "Set-Cookie" HTTP response header. A value of "Low" indicates that the cookie should be given lower retention priority (evicted prior to other cookies). A value of "High" indicates that a cookie should be given higher retention priority (evicted after other cookies). The value of "Medium" corresponds to the default behavior. In order to prevent starvation of functionality dependent on low- and medium-priority cookies, a fraction of the cookie quota should be reserved for them. [RFC6265], Section 5.3, describes a strategy that user agents must follow when "removing excess cookies". A user agent implementing the current specification for a retention priority attribute will implement an extended priority order, dividing the second priority ("Cookies that share a domain field with more than a predetermined number of other cookies") into multiple levels corresponding to the three retention priorities. As a result, when the cookies for a given domain exceed user agent limits, cookies with low priority will be evicted first, followed by medium and high priority cookies. 3.1. Examples Using the Priority attribute, an origin server may assign a retention priority to a cookie stored by a user agent. For example, the origin server may prioritize the retention of session security tokens while indicating that superficial data such as a user's favorite color should be discarded in preference to other data. The following figure illustrates a series of 33 cookies received by a user-agent from the example.com server during one or more HTTP responses. Each cookie is represented by an L, M, or H indicating low, medium, or high priority, respectively. == Least Recently Accessed -> Most Recently Accessed == M L H H H H M H L L M M M M M M M L L L L L M M M M M H M M L L M Wright, et al. Expires September 4, 2016 [Page 3] Internet-Draft cookie-priority March 2016 Assume that the user agent is configured to evict all but 25 cookies from a domain when the number of cookies exceeds 31. [RFC6265] specifies the following eviction order. Cookies are separated in the vertical axis by priority. Evicted cookies are labeled with a '1' and retained cookies with an 'X'. == Least Recently Accessed -> Most Recently Accessed == L 1 X X X X X X X X X M 1 1 X X X X X X X X X X X X X X X H 1 1 1 1 1 X A user agent that implements the current specification, reserving room for 5 low-, 15 medium-, and 5 high-priority cookies, would implement a modified eviction order as follows. '1', '2', and '3' indicate cookies evicted during various phases of the algorithm. == Least Recently Accessed -> Most Recently Accessed == L 1 1 1 1 1 X X X X X M 2 2 X X X X X X X X X X X X X X X H 3 X X X X X Of note is that the retention priority does not impact the relative eviction priority of cookies being evicted due to the global threshold (i.e., once no domain exceeds the per-domain threshold). Furthermore, this new attribute has no effect on domains that do not send it. 4. Server Requirements This section describes the syntax and semantics of the "Priority" cookie attribute. 4.1. Syntax The Set-Cookie HTTP response header syntax is defined in [RFC6265], Section 4.1.1. The grammar defined therein provides for tokens of type 'extension-av'. The Priority attribute is a subset of 'extension-av' that may appear zero or one times in a given 'set- cookie-header'. If it appears, the 'priority' attribute must conform to the following grammar: priority-av = "Priority=" priority-value priority-value = "Low" / "Medium" / "High" Wright, et al. Expires September 4, 2016 [Page 4] Internet-Draft cookie-priority March 2016 4.2. Semantics (Non-Normative) This section describes a simplified semantics of the "Priority" attribute in the "Set-Cookie" HTTP response header. The full semantics are described in Section 5. 4.3. The 'Priority' Attribute The "Priority" attribute indicates a retention priority relative to other cookies from the same domain as the cookie carrying the attribute. During cookie eviction in enforcement of per-domain cookie limits, "Low" priority cookies will be evicted before "Medium" and "Medium" before "High". Cookies without a specified priority are considered to have "Medium" priority. 5. User Agent Requirements [RFC6265], Section 5.2 describes how user agents must parse the value of the "Set-Cookie" HTTP response header. This specification provides additional processing steps that user agents must follow when they encounter a "Priority" attribute. "Set-Cookie" headers that do not specify the "Priority" attribute MUST be treated as if the attribute was present and had the value Medium. 5.1. The 'Priority' Attribute If the "attribute-name" case-insensitively matches the string "Priority", the user agent MUST process the "cookie-av" as follows: If the "attribute-value" case-insensitively matches the string "Low", the cookie is assigned a low retention priority. If the "attribute-value" case-insensitively matches the string "Medium", the cookie is assigned a medium retention priority. If the "attribute-value" case-insensitively matches the string "High", the cookie is assigned a high retention priority. Otherwise, the cookie is assigned a medium retention priority. 5.2. Storage Model [RFC6265], Section 6.1 recommends that user agents set limits on the number of cookies they will store. [RFC6265], Section 5.3, describes a strategy that user must follow when "removing excess cookies". Wright, et al. Expires September 4, 2016 [Page 5] Internet-Draft cookie-priority March 2016 A user agent implementing the current specification for a retention priority attribute will set aside a small portion of its storage quota for low-priority cookies, and another portion for medium- priority cookies. During eviction, compatible user agents will implement an extended priority order, dividing the second priority ("Cookies that share a domain field with more than a predetermined number of other cookies") into three, according to the retention priorities and the space reserved for them. Assuming that no other extensions ammend the rules defined in [RFC6265], a compatible user agent MUST therefore evict cookies in the following priority order (L and M refer to the amount of space reserved for low- and medium- priority cookies respectively, per domain). As per [RFC6265], within each category the least-recently accessed cookies should be deleted first. 1. Expired cookies. 2. Cookies with a low retention priority that share a domain field with more than a predetermined number of other cookies, excluding the first L low-priority cookies from that domain. 3. Cookies with a low or medium retention priority that share a domain field with more than a predetermined number of other cookies, excluding the first L + M low- and medium-priority cookies from that domain. 4. Cookies that share a domain field with more than a predetermined number of other cookies. 5. All cookies. 6. Implementation Considerations This specification extends [RFC6265] in order to enable improved behaviour when servers are unable or unwilling to keep the number of distinct cookies served by their domains within the limits of user agents. As this specification is unlikely to ever achieve universal adoption by user agents, servers SHOULD gracefully degrade if their specifed cookie retention priorities are not respected. 7. References 7.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Wright, et al. Expires September 4, 2016 [Page 6] Internet-Draft cookie-priority March 2016 [RFC4790] Newman, C., Duerst, M., and A. Gulbrandsen, "Internet Application Protocol Collation Registry", RFC 4790, DOI 10.17487/RFC4790, March 2007, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, DOI 10.17487/RFC6265, April 2011, . 7.2. Informative References [Wright2013] Wright, E. and S. Huang, "A Retention Priority Attribute for HTTP Cookies", n.d., . Appendix A. Acknowledgements This document is based heavily on an earlier draft written by Erik Wright and Samuel Huang [Wright2013], and the experimentation done in cooperation with Google's login team. Authors' Addresses Erik Wright Shopify Samuel Huang Google, Inc Email: huangs@google.com Mike West Google, Inc Email: mkwst@google.com Wright, et al. Expires September 4, 2016 [Page 7]