On Thu, Oct 08, 2009 at 10:22:45PM -0700, Shawn O. Pearce wrote: > +Servers MUST NOT require HTTP cookies for the purposes of > +authentication or access control. > [...] > +Servers MUST NOT require HTTP cookies in order to function correctly. > +Clients MAY store and forward HTTP cookies during request processing > +as described by RFC 2616 (HTTP/1.1). Servers SHOULD ignore any > +cookies sent by a client. Why not? I can grant that the current git implementation probably can't handle it, but keep in mind this is talking about the protocol and not the implementation. And I can see it being useful for sites like github which already have a cookie-based login. Adapting the client to handle this case would not be too difficult (it would just mean keeping cookie state in a file between runs, or even just pulling it out of the normal browser's cookie store). And people whose client didn't do this would simply get an "access denied" response code. Is there a technical reason not to allow it? -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html