https://issues.apache.org/bugzilla/show_bug.cgi?id=48559

LuisAguilera <luis.aguil...@ca.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #2 from LuisAguilera <luis.aguil...@ca.com> 2010-01-17 10:33:28 UTC ---
Thanks for the prompt response.

Do you mean to state that the cookie specification requires that cookie data be
enclosed in double-quotes? If so, then yes, this may be a bug in those third
party applications, such as ours.

However, it has been our experience for over 10 years that cookie data is never
enclosed in double-quotes. Hence our product has been able to operate
successfully with a large number of third-party products, including Tomcat
(pre-6.0.12).


The issue is not regarding our product when it is installed along with Tomcat.
Instead, the issue is regarding the interoperability of our product running
elsewhere.

Let me use an example to illustrate.

I'm a user and I open my browser. I access a site, I do something on this site
and acquire a cookie from this site. For argument's sake, this is a plain HTML site
running on Apache. Let's call this cookie something like this:

app1cookie = luishasloggedintoapp1

So far so good. I can continue to traverse through various sites in my
enterprise environment (which could feature applications running on various
different platforms, IIS, Apache, Sun Java Web Server, Domino, WebLogic,
WebSphere, etc.). And where appropriate, other apps will read this cookie and do
things with it; in some cases giving me other cookies.

The problem comes when I go through an app that is hosted on Tomcat. The
cookie that was previously written like this:

app1cookie = luishasloggedintoapp1

Is presented to Tomcat, and after Tomcat processes it, it becomes:

app1cookie = "luishasloggedintoapp1"

The problem is not directly on Tomcat, since it can correctly resolve the
double-quotes that enclose the cookie data.

The problem is that other apps, not running on Tomcat (e.g. the plain HTML site
on Apache), do not handle the presence of the double-quote correctly.

It seems to us that forcing all apps to comply with the Tomcat double-quote
requirement is a rather heavy-handed approach.

I can anticipate that many other third-party applications will have difficulty
with this double-quote requirement.

However, if, as you state, the double-quote represents a more strict
implementation of the cookie specification, then this is an issue for many other
third-party vendors to address. Would you please point out to me where the
cookie specification specifies this double-quote requirement?

Thanks!
