https://issues.apache.org/bugzilla/show_bug.cgi?id=44679





--- Comment #36 from Mark Thomas <ma...@apache.org>  2009-01-29 02:04:16 PST ---
I have tried to keep my response as brief as possible.

v0 cookies and '='
I do not see anything in the v0 spec that indicates that '=' is not permitted
in the cookie name - hence the ambiguity. I am open to revisiting this if it
can be shown clearly that the v0 spec does not permit '=' in the cookie name.

v1 cookies
Regardless of one's views of the v1 spec, Tomcat has to support v1 cookies. I
don't see any issues with Tomcat 6's v1 cookie handling in the text above but
if I have missed something, please create a separate Bugzilla entry for it.

v2 cookies
The servlet API only supports v0 and v1 cookies. I am all for adding v2 support
but this would be better handled through the Expert Group (EG).

Servlet spec issues
These are best handled through the EG.

httpOnly
This is in the 3.0 servlet spec and will be supported in Tomcat 7. There are
patches proposed to backport this to 6.0.x and 5.5.x but they need to be
reviewed in light of the 3.0 spec changes to try and keep things consistent.

Strict servlet compliance
See the specification section of
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html

%XX encoding in cookie headers
I did some testing of this when looking at the cookie parsing some time ago and
couldn't get it to work. My tests could have been bad. The wording in the v0
spec for %XX encoding is such that relying on any encoding scheme is going to
be risky - this is one of the issues with the v0 spec.

