Remy Maucherat wrote:
On Sun, 2008-02-10 at 11:17 -0700, Filip Hanik - Dev Lists wrote:
Remy Maucherat wrote:
On Sun, 2008-02-10 at 11:44 -0500, Jim Manico wrote:
Filip - you are 100% correct on this thread. Are you basically the
traffic cop guarding the core of Tomcat?
I understand, you are not impacted by the behavior change, and as a
result this allows you to be "fair", I suppose. The issue is that the
behavior of Tomcat has been different, in all prior releases, and
changing it of all a sudden without any configuration capability because
it feels nice to play "spec lawyer" is wrong to me. Similar decisions
have been made in the past, and this did cause problems, it's simply
faster to add the appropriate options right away.
what about my suggestion, to add a flag to default to v1 cookies. they
get quoted and old behavior will continue to work.
This is the sort of configuration option which seems appropriate.
essentially, browsers treated our previous v0 cookies as v1 when we
quoted them.
question, obviously it would be easiest for us to put the global flag in
the javax.servlet.http.Cookie class directly
-private int version = 0; // ;Version=1 ... means RFC 2109++ style
+private int version =
Integer.parseInt(System.getProperty("org.apache.catalina.cookie.version","1"));
// ;Version=1 ... means RFC 2109++ style
Would this be ok, given its a spec class? or do we have to leave this
class untouched and modify it elsewhere, in which case it'd be more of a
hack.
Filip
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
