https://issues.apache.org/bugzilla/show_bug.cgi?id=55984
Bug ID: 55984
Summary: Invalid V1 cookie generated if value contains separator and ALLOW_HTTP_SEPARATORS_IN_V0 is true
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: jboy...@apache.org

If ALLOW_HTTP_SEPARATORS_IN_V0 is true, then setting a value for a V1 cookie containing a separator results in an invalid value per the V1 specification. For example,

    Cookie cookie = new Cookie("foo", "a=b");
    cookie.setVersion(1);

will create a header of the form:

    Set-Cookie: foo=a=b; Version=1

which is not a valid header per RFC2109. Because the version is specifically set to 1 the property should be ignored as this is not a V0 cookie. The result after auto-quoting would be

    Set-Cookie: foo="a=b"; Version=1

Alternatively this could result in an IAE because the value "a=b" is not a token or quoted-string and hence not valid in a V1 cookie.
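
The token / quoted-string rule the report relies on, as an added Java example (not Tomcat's code and not part of the original report): it auto-quotes a V1 value that is neither form, using the tspecials set from RFC 2068 that RFC 2109 builds on. The class and method names are hypothetical, and the sample values other than "a=b" are constructed.

```java
public class V1CookieValue {
    // tspecials from RFC 2068 section 2.2; RFC 2109 builds "token" on this set.
    private static final String TSPECIALS = "()<>@,;:\\\"/[]?={} \t";

    static boolean isCtl(char c) {
        return c < 0x20 || c == 0x7f;
    }

    static boolean isToken(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (isCtl(c) || c > 0x7f || TSPECIALS.indexOf(c) >= 0) return false;
        }
        return !s.isEmpty();
    }

    // True if s is already a well-formed quoted-string (backslash escapes allowed).
    static boolean isQuotedString(String s) {
        int end = s.length() - 1;
        if (end < 1 || s.charAt(0) != '"' || s.charAt(end) != '"') return false;
        for (int i = 1; i < end; i++) {
            char c = s.charAt(i);
            if (c == '\\') {
                if (++i >= end) return false; // backslash would escape the closing quote
            } else if (c == '"' || (isCtl(c) && c != '\t')) {
                return false;
            }
        }
        return true;
    }

    // Auto-quoting option from the report; throwing for every non-token is the stricter one.
    static String encodeV1Value(String value) {
        if (isToken(value) || isQuotedString(value)) return value;
        StringBuilder sb = new StringBuilder("\"");
        for (char c : value.toCharArray()) {
            if (isCtl(c) && c != '\t') { // CR/LF must never reach a response header
                throw new IllegalArgumentException("control character in cookie value");
            }
            if (c == '"' || c == '\\') sb.append('\\');
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    public static void main(String[] args) {
        for (String v : new String[] {"abc", "a=b", "\"a=b\"", "say \"hi\"", ""}) {
            System.out.println("Set-Cookie: foo=" + encodeV1Value(v) + "; Version=1");
        }
    }
}
```

For "a=b" this prints the quoted header form given in the report; a value that is already a token or a well-formed quoted-string passes through unchanged.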