Bill Barker wrote:
"Remy Maucherat" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
On Sun, 2008-02-10 at 23:29 +0000, Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
Would this be ok, given its a spec class? or do we have to leave this
class untouched and modify it elsewhere, in which case it'd be more of
a
hack.
I think, as long as we leave the public interface unchanged, changing the
spec class would be fine.
The spec says that RFC 2109 should be used by default so if
org.apache.catalina.STRICT_SERVLET_COMPLIANCE is true I think v0 cookies
should be used.
There's also an opportunity to force the version in addCookie. Not as
nice, but this may cause less problems.
+1 to put in addCookie or in ServerCookie. Other projects use Tomcat's
version of the servlet-api.jar, and I don't like the idea of publishing one
that isn't strictly spec compliant. Of course, as Remy pointed out, this
has the effect of forcing v1 cookies as a downside.
Probably better than forcing the version is to revert to 'always quote' in
ServerCookie unless the STRICT_SERVLET_COMPIANCE flag is true. We did the
'always quote' in the first place because it is more browser friendly (at
least for 21st century browsers).
this comes with all the other side effects of strict servlet compliance.
I'm open to either option, ie forcing cookies, or always quoting, but
would prefer a separate flag
Filip
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
