Cookie editorial

[mnot]

I have some feedback regarding the Cookie Section.

Note that this algorithm requires storing the cookies from the associated request with each response.

In Firefox we currently store a hash of the Cookie header instead of the actual cookie value in order to deal with Vary: Cookie. This is because the cookies could be large in size, and because we don't want potentially sensitive information contained in cookies to be persisted in the HTTP cache. So I think you can implement the algorithm without storing the actual cookies in the response.

I'm also wondering if this section should mention that the response may include a Set-Cookie header with one of the indices. I don't think anything special would need to happen, apart from this immediately invalidating the cache entry.