"Remy Maucherat" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Sun, 2008-02-10 at 23:29 +0000, Mark Thomas wrote: >> Filip Hanik - Dev Lists wrote: >> > Would this be ok, given its a spec class? or do we have to leave this >> > class untouched and modify it elsewhere, in which case it'd be more of >> > a >> > hack. >> >> I think, as long as we leave the public interface unchanged, changing the >> spec class would be fine. >> >> The spec says that RFC 2109 should be used by default so if >> org.apache.catalina.STRICT_SERVLET_COMPLIANCE is true I think v0 cookies >> should be used. > > There's also an opportunity to force the version in addCookie. Not as > nice, but this may cause less problems. >
+1 to put in addCookie or in ServerCookie. Other projects use Tomcat's version of the servlet-api.jar, and I don't like the idea of publishing one that isn't strictly spec compliant. Of course, as Remy pointed out, this has the effect of forcing v1 cookies as a downside. Probably better than forcing the version is to revert to 'always quote' in ServerCookie unless the STRICT_SERVLET_COMPIANCE flag is true. We did the 'always quote' in the first place because it is more browser friendly (at least for 21st century browsers). > Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
