https://issues.apache.org/bugzilla/show_bug.cgi?id=51138
--- Comment #6 from Mark Thomas <ma...@apache.org> 2011-05-02 16:10:51 UTC ---

That is a fair point. A similar argument can be made around the use of ":" etc. in date headers, although those are single value headers so parsing them is simpler and separators won't cause complications like they can in cookie headers.

rfc6265 is still a draft, but then again so is rfc2616. What really matters with these specifications - and particularly the cookie specs given the minimal adoption of rfc2965 and the selective implementation of rfc2109 - is adoption.

The Servlet 3 spec doesn't even mention rfc2965 (not necessarily a bad thing). If you want the Servlet spec to support rfc6265 then you'll need to lobby the Servlet Expert Group.

I wouldn't be against supporting rfc6265 but there are several issues of concern:

- I would want to look hard at the various security issues that led to Tomcat tightening up compliance with the cookie specifications to assure myself that implementing rfc6265 was secure
- browser (specifically IE) interoperability with rfc6265
- backwards compatibility with applications that expect rfc2109 compliant cookie headers

Regardless of all of the above, the Tomcat 7 implementation based on rfc2109 as per the Servlet 3.0 specification is not going to change.