Actually, the spec doesn't disagree with chosing any of the = ... But some users have supplied some reasonable arguments (base64 is padding with =, etc.) to rather chose the first = over the other ones.in that case, the user should use v1 cookies :)
Yes, right, you're 100% right - but this thread is not about v1 cookies. It's about v0 cookies.
In the case of v0 cookies, we hit the "damn, the spec is messed up - what should we do?"-case. And in this case, well - what do we do?
What would REALLY be best, is to throw exception upon setting a name or a value containg the = sign, or spaces, or any illegal characters of that kind. Soon, after some future versions of Tomcat, the mailinglist may actually experience, that people start using names containg the = character, because chosing the last = character in the cookie for splitting permits them to do so.
Well, simply make things REALLY safe (throwing exception and the like - well, does the servlet spec allow to do so? oh my god - i can see it coming: it doesn't.) Or rather try to immitate the old behaviour as good as you can without violating the spec, or the TCK test, etc. And it seems to be the case, that people don't use names containg the = character but rather use values that do which was possible with the old behaviour - and indeed seems to me to be the use-case used much more often then the "name contains =" use-case.
So if satisfying users really matters to you, you developers really have the choice, since the spec gives you that freedom, you really should ...
signature.asc
Description: OpenPGP digital signature
