Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=8&rev2=9 Comment: Add some notes on separators and expires/max-age == Parsing the Cookie header by Tomcat == ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''|| - ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed|| + ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed.|| ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||Not allowed.||Not allowed.|| - ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are not part of value|| + ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes are not part of value.|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.|| - ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||TBD||TBD|| - ||Always add expires||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.|| + ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, none or both.|| ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD|| ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD|| ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD|| --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
