Remy Maucherat wrote:
On Sat, 2008-02-09 at 16:14 -0700, Filip Hanik - Dev Lists wrote:
no regression, if you do this
c = new javax.servlet.http.Cookie("abcv1","123==");
c.setVersion(1);
response.addCookie(c);
then it works just fine.
however, if you do
c = new javax.servlet.http.Cookie("abcv0","123==");
response.addCookie(c);
then it doesn't. if we encode it, (which we did at our first attempt for
v0 cookies) we actually don't pass the TCK.
only v1 cookies should be double quoted, in previous versions of tomcat,
I believe everything got double quoted, regardless of version on the cookie.
v0 cookies, the spec says
/NAME/=/VALUE/
This string is a sequence of characters excluding semi-colon, comma
and white space. If there is a need to place such data in the name
or value, some encoding method such as URL style %XX encoding is
recommended, though no encoding is defined or required.
the problem was that encoding wasn't defined nor required. so when we
followed the spec, and added %XX encoding, TCK tests failed.
at this point I would say, we handle cookies correctly. if one needs ==
at the end of the cookie, then they need to use v1 cookies, according to
spec
I find the regressions caused by the new behavior problematic, and it
will cause lots of problems with existing applications, since the
default cookie version used is version 0.
As I'm the only one complaining at the moment, I think I'll take my
concerns elsewhere, no problem, I get the idea :) Obviously, when I say
"encoding", I am not talking about quoting the whole value (or name) as
was done before.
we did try the %XX encoding, browsers don't like it and don't behave
properly.
Filip
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
