> 4. Sent to every request for a host. That is, a cookie named "__Host-cookie1"
>    MUST contain a Path attribute with a value of "/".
>
> The following cookies would always be rejected:
>
>     Set-Cookie: __Host-SID=12345
>     Set-Cookie: __Host-SID=12345; Secure
The start of the sentence "That is," implies that the only way to ensure a cookie is sent to every path is to explicitly include `Path=/`, but this isn't the case; the cookie `Set-Cookie: __Host-SID=12345; Secure` will be sent to every path if the page containing this response header is served from the root of the server.

Looking at Chrome's code, it appears that we explicitly require the path attribute be present with a value of `Path=/`.
So, proposed change (also optionally cleaning up parallelism for point 3):
> 3. Set without a Domain attribute. That is, a cookie set from https://example.com will therefore be sent only to example.com, and not to subdomain.example.com.
> 4. Set with an explicit Path attribute with a value of "/".
>
> The following cookies would always be rejected:
>
>     Set-Cookie: __Host-SID=12345
>     Set-Cookie: __Host-SID=12345; Secure
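
The distinction this issue draws, as an added example (not Chrome's code and not text from the draft): a `__Host-` cookie with no Path attribute is rejected even when its RFC 6265 default path would already be "/". The function names and the order of the checks are assumptions made for illustration.

```javascript
// Added example: a model of the __Host- prefix checks, not a browser's implementation.

// Parse a Set-Cookie header value into a name and a map of lowercased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? "" : pair.slice(0, eq), attrs: new Map() };
  for (const a of attrs) {
    if (a === "") continue;
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs.set(key, i < 0 ? "" : a.slice(i + 1).trim());
  }
  return cookie;
}

// RFC 6265 section 5.1.4: the path a cookie gets when the Path attribute is omitted.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const last = requestPath.lastIndexOf("/");
  return last === 0 ? "/" : requestPath.slice(0, last);
}

// Returns null when the cookie is acceptable, otherwise the reason it is rejected.
function checkHostPrefix(header, secureOrigin) {
  const c = parseSetCookie(header);
  if (!c.name.startsWith("__Host-")) return null; // prefix rules do not apply
  if (!secureOrigin) return "not set from a secure origin";
  if (!c.attrs.has("secure")) return "missing Secure attribute";
  if (c.attrs.has("domain")) return "Domain attribute present";
  if (!c.attrs.has("path")) return "missing explicit Path attribute";
  if (c.attrs.get("path") !== "/") return 'Path is not "/"';
  return null;
}

// Constructed samples, each treated as a response to https://example.com/ (request path "/").
const samples = [
  "__Host-SID=12345",
  "__Host-SID=12345; Secure",
  "__Host-SID=12345; Secure; Path=/",
  "__Host-SID=12345; Secure; Path=/; Domain=example.com",
];
for (const s of samples) {
  const verdict = checkHostPrefix(s, true) ?? "accepted";
  console.log(`${s}\n  default-path=${defaultPath("/")}  ->  ${verdict}`);
}
```

The second sample is the case from the issue: its default path is "/", so it would be sent to every path, yet it is still rejected because the Path attribute is not explicit.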
https://github.com/httpwg/http-extensions/blob/master/draft-ietf-httpbis-cookie-prefixes.md contains the following text: