Mark Thomas wrote:
jean-frederic clere wrote:
Filip Hanik - Dev Lists wrote:
I'm having problems with the cookie parsing
It is seems there are 2 problems... The version (only TCK will complain)
Haven't looked at this
yes, this is a bug, the version number will never be anything but 0 for
any parsed cookie.
should that stop a release? I think 6.0.15 is very stable, and long
needed bug fixes, I'll let Remy as the release manager make the call
unless someone feels otherwise
and we are re escaping already escaped strings.
The spec isn't 100% clear on who is responsible for escaping the values if
required.
<spec-quote section=SRV.16.1.1.1>
... The value can be anything the server chooses to send. ...
</spec-quote>
<spec-quote section=SRV.16.1.1.2>
...
setValue(String)
what j-f-c is saying here, is that if there is a value of
Cookie: $Version=1; C1=C1;$Path="\"/foo/bar\"";$Domain=d1;
when it is being parsed, it double escapes it
Path="\\"/foo/bar\\""
Filip
...
With Version 0 cookies, values should not contain white space, brackets,
parentheses, equals signs, commas, double quotes, slashes, question marks,
at signs, colons, and semicolons. Empty values may not behave the same way
on all browsers.
...
</spec-quote>
This suggests to me that the webapp writer can set what they like for a
version 1 cookie and it is the server's responsibility to escape it.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
