Remy Maucherat wrote:
> Hi,
>
> I think cookies are still broken, and this is getting more and more
> complex. The apparent issue is that the parser applies v1 parsing rules
> when parsing v0 cookies (which are generated using a much more lenient
> character exclusion), resulting in cookies that cannot be parsed back.
>
> A simple example is a regular cookie session (!), where the path cannot
> even be parsed back ('/' is now in the "specials" list).
>
> Maybe we could parse as v0, and validate the bytes if the cookie turned
> out to be v1 ?
I really do loath cookies right now. I've pulled the proposed patches for 5.5.x
and 6.0.x until I (or someone else) can take a look at this.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
