https://issues.apache.org/bugzilla/show_bug.cgi?id=49000
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--- Comment #2 from Mark Thomas <ma...@apache.org> 2010-04-04 15:38:49 UTC ---
Hmm. Neither of those two cookies are valid since both name and value are
mandatory.
Tomcat 6 (and probably earlier) has allowed what is referred to in the code as
name only cookies. I think this is another candidate for a cookie configuration
option in Tomcat 7 (ALLOW_NAME_ONLY_COOKIES ?) that defaults to false and
rejects these invalid cookies.
In terms of what this option does allow, since we are outside the spec, we can
choose what we want to allow and disallow. I quite like the current allow
'name' but not 'name=' as the latter looks like an error whilst the first looks
an attempt to have a name only cookie.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
