https://bz.apache.org/bugzilla/show_bug.cgi?id=60788

--- Comment #13 from Markus Malkusch <mar...@malkusch.de> ---
Then let me add more details to the described case: The intended symmetric round
trip behaviour was not given. The Cookie was initially created with the Servlet
API (containing only alphanumeric characters), which sends a Set-Cookie header
without quotes (Set-Cookie: userId=foo;Max-Age=15552000;path=/).

It was the user agent (Dalvik/2.1.0 (Linux; U; Android 5.1; A2 Build/LMY47I))
which then continued to send it back with quotes. I couldn't find anything in
the related RFCs which forbids this, so I assume it's a possible and valid
behaviour.

I think it's wrong in this case to expose those quotes to the application
programmer. It is unexpected and leads to errors in the application.

However it is currently a rare case. I observe it once every 5k requests.
Application programmers can easily mitigate the issue themselves, if they only
knew.

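One way an application could apply the mitigation mentioned in the comment above, as an added example that is not part of the original message and is not Tomcat or Servlet API code. The class and method names are hypothetical; it strips one matched pair of enclosing double quotes and then checks the remainder against the RFC 6265 cookie-octet grammar, so a half-quoted or otherwise malformed value is rejected instead of being used as an identifier.

```java
import java.util.Optional;

/** Added example: hypothetical helper, not Tomcat or Servlet API code. */
public final class CookieValueNormalizer {

    private CookieValueNormalizer() {}

    /** RFC 6265 cookie-octet: %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E. */
    static boolean isCookieOctet(char c) {
        return c == 0x21 || (c >= 0x23 && c <= 0x2B) || (c >= 0x2D && c <= 0x3A)
                || (c >= 0x3C && c <= 0x5B) || (c >= 0x5D && c <= 0x7E);
    }

    /**
     * Returns the value without one matched pair of enclosing double quotes,
     * or empty if what remains is not a valid run of cookie-octets.
     */
    static Optional<String> normalize(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String v = raw;
        if (v.length() >= 2 && v.charAt(0) == '"' && v.charAt(v.length() - 1) == '"') {
            v = v.substring(1, v.length() - 1);
        }
        for (int i = 0; i < v.length(); i++) {
            if (!isCookieOctet(v.charAt(i))) {
                // Stray quote, whitespace, separator or control character.
                return Optional.empty();
            }
        }
        return Optional.of(v);
    }

    public static void main(String[] args) {
        // Constructed sample values, standing in for what Cookie.getValue() may hand back.
        String[] samples = { "foo", "\"foo\"", "\"foo", "fo\"o", "\"\"" };
        for (String s : samples) {
            System.out.println(s + " -> " + normalize(s).orElse("<rejected>"));
        }
    }
}
```

Normalizing at the single point where the cookie is read keeps the quoted and unquoted forms of the same value from being treated as two different user identifiers further down the stack.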