https://issues.apache.org/bugzilla/show_bug.cgi?id=51138
--- Comment #7 from Jelmer Kuperus <jel...@jteam.nl> 2011-05-02 21:32:56 UTC ---

Mark, maybe you should read up on the spec. It was actually written to bring the standard in line with actual practices. So in that sense it has 100% adoption.

As far as I can tell the servlet spec does not specify how to interpret cookies sent by the client. It only specifies in which format the cookies can be sent to the client. And in fact it is not based on rfc2109, it recommends using the netscape spec because "RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet on production sites."

So I don't see how resolving this bug would break compatibility with the servlet spec.

So yes it breaks compatibility with rfc2616, but since you are already not compatible with it for good reasons, I do not see why this is a big deal.

Disallowing = in the Authentication header would break basic authentication in most if not all browsers.

Disallowing colons, pipes etc. in cookie values breaks cookie handling for lots of cookies in most if not all browsers.

To me it's the exact same thing.