On Feb 9, 2008 2:03 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: > It is neither. The changes are documented in the change log. As a result of > a couple of minor security issues (see > http://tomcat.apache.org/security-6.html) the cookie handling code has been > tightened up to make it spec compliant.
Hi Mark, thanks for the good explanation, I'm fine with it, but maybe some explicit note about this change of behaviour will help people from running into trouble after an upgrade to 6.0.16... at least I wasn't able to detect this change from the URL mentioned above or the Tomcat-changelog. Just as an example: I'm using some BASE64-encoded strings, which I store in a cookie-value. These strings are padded with equal-signs on their right by the BASE64-encoding. Depending on the application changes and resulting problems in the cookie-parsing by Tomcat maybe hard to detect. Cheers, Maik --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
