https://issues.apache.org/bugzilla/show_bug.cgi?id=44679
--- Comment #37 from Peter Pichler <peter.pich...@csd.at> 2009-01-29 10:13:12 PST ---
(In reply to comment #36)
> I have tried to keep my response as brief as possible.
>
> v0 cookies and '='
> I do not see anything in the v0 spec that indicates that '=' is not permitted
> in the cookie name - hence the ambiguity. I am open to revisiting this if it
> can be shown clearly that the v0 spec does not permit '=' in the cookie name.

It is a lack in the Netscape Draft...
With good will it is possible to interpret the draft like... "it is clear that it is not possible to have cookie names containing an equal mark, because the equal mark is the delimiter for the cookie name"... for sure you can argue otherwise also...
(Other forbidden characters are mentioned explicitly... so the cookie draft allows the equal mark for cookie names...)

The cookie draft cannot be changed any more... so we have to look at how to handle it...
Because it is impossible to implement a Cookie-Handling allowing "=" in the cookie name... it makes no sense trying to support it...

> v1 cookies
> Regardless of one's views of the v1 spec, Tomcat has to support v1 cookies. I
> don't see any issues with Tomcat 6's v1 cookie handling in the text above but
> if I have missed something, please create a separate Bugzilla entry for it.

You are right, because the servlet spec requires cookie1 support....
(but they say cookie1 is experimental and should not be used on production side... because of that - and because cookie1 has been obsolete for more than 8 years - it may be clever to put not too much effort into the cookie1 support.... a private meaning... My topic is the cookie0 support... the cookie1 topic came up because others are arguing with cookie1 when talking about cookie0)

> v2 cookies, httpOnly...

You are right... v2 Cookie-Support, HttpOnly-Support should be defined first in the servlet-spec...

> %XX encoding in cookie headers
> I did some testing of this when looking at the cookie parsing some time ago and
> couldn't get it to work. My tests could have been bad. The wording in the v0
> spec for %XX encoding is such that relying on any encoding scheme is going to
> be risky - this is one of the issues with the v0 spec.

This is what I do in applications with cookie values that previously used base64 encoding.... (to eliminate slash and equal-mark... I use base64 and URL-Encoding after, because this produces shorter result strings) ...
Until now it seems to work fine.
If there are really problems with this kind of work-around... it would be interesting for me... (but we are testing our software with several browsers and environments - and until now no problem has been reported)
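
Added example, not part of the original comment and not Tomcat code: a sketch of the workaround described above (Base64, then URL-encoding) next to the first-'=' versus last-'=' readings of a name=value pair that the v0 discussion turns on. The class name, method names and sample bytes are hypothetical; it assumes Java 10 or later for the Charset overloads of URLEncoder and URLDecoder.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Added illustration: class and method names are hypothetical, not Tomcat code.
public class V0CookieValueDemo {

    // Base64 first, then URL-encode: the '+', '/' and '=' that Base64 can emit
    // become %2B, %2F and %3D, so no '=' or '/' is left in the cookie value.
    static String encodeValue(byte[] raw) {
        String b64 = Base64.getEncoder().encodeToString(raw);
        return URLEncoder.encode(b64, StandardCharsets.UTF_8);
    }

    // Reverse order on the way back. URLDecoder maps a literal '+' to a space,
    // which is harmless here because encodeValue never leaves a literal '+'.
    static byte[] decodeValue(String cookieValue) {
        String b64 = URLDecoder.decode(cookieValue, StandardCharsets.UTF_8);
        return Base64.getDecoder().decode(b64);
    }

    // Split "name=value" at the first or at the last '='. Both readings are
    // conceivable if '=' were allowed in names; they only agree when the pair
    // contains exactly one '='.
    static String[] split(String pair, boolean atFirst) {
        int eq = atFirst ? pair.indexOf('=') : pair.lastIndexOf('=');
        if (eq <= 0) throw new IllegalArgumentException("no cookie name: " + pair);
        return new String[] { pair.substring(0, eq), pair.substring(eq + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample bytes, chosen so the Base64 form has '+', '/' and '='.
        byte[] raw = { (byte) 0xfb, (byte) 0xff, (byte) 0xfe, 0x01 };
        String plain = "token=" + Base64.getEncoder().encodeToString(raw);
        String safe = "token=" + encodeValue(raw);

        // Plain Base64 value: the two readings disagree on name and value.
        System.out.println(Arrays.toString(split(plain, true)));
        System.out.println(Arrays.toString(split(plain, false)));
        // Encoded value: one '=' in the pair, so both readings agree.
        System.out.println(Arrays.toString(split(safe, true)));
        System.out.println(Arrays.toString(split(safe, false)));
        // The original bytes come back after URL-decoding and Base64-decoding.
        System.out.println(Arrays.equals(raw, decodeValue(split(safe, true)[1])));
    }
}
```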