Return-Path: Mailing-List: contact commons-httpclient-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list commons-httpclient-dev@jakarta.apache.org Received: (qmail 8613 invoked by uid 98); 29 Nov 2002 19:21:17 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Received: (qmail 8594 invoked from network); 29 Nov 2002 19:21:15 -0000 Received: from daedalus.apache.org (HELO apache.org) (63.251.56.142) by nagoya.betaversion.org with SMTP; 29 Nov 2002 19:21:15 -0000 Received: (qmail 20259 invoked by uid 500); 29 Nov 2002 19:20:07 -0000 Received: (qmail 20252 invoked from network); 29 Nov 2002 19:20:06 -0000 Received: from unknown (HELO KCCXOEX11.corp.kpmgconsulting.com) (57.80.136.23) by daedalus.apache.org with SMTP; 29 Nov 2002 19:20:06 -0000 Received: from kccxoex03.corp.kpmgconsulting.com ([57.80.136.6]) by KCCXOEX11.corp.kpmgconsulting.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 29 Nov 2002 19:19:03 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Subject: RE: [PATCH] Cookie default version fix, Cookie.parse() method refactored Date: Fri, 29 Nov 2002 19:20:08 -0000 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [PATCH] Cookie default version fix, Cookie.parse() method refactored Thread-Index: AcKX2iaTN9kwgdQaRyiWQSTqtg2UtQAAhClg From: "Kalnichevski, Oleg" To: "Commons HttpClient Project" X-OriginalArrivalTime: 29 Nov 2002 19:19:03.0191 (UTC) FILETIME=[2D825270:01C297DC] X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Jeff,=20 You now what? At times I can't help thinking that logging at the DEBUG = verbosity currently is next to being absolutely useless.=20 I'll happily reduce the noise the Cookie class produces, if nobody = objects. I was afraid I was already too liberal about changing stuff. = Just let me know Cheers Oleg -----Original Message----- From: Jeffrey Dever [mailto:jsdever@sympatico.ca] Sent: Friday, November 29, 2002 8:04 PM To: Commons HttpClient Project Subject: Re: [PATCH] Cookie default version fix, Cookie.parse() method = refactored Committed. Factoring looks good. Still a bit verbose on logging, but=20 an improvement. -jsd Kalnichevski, Oleg wrote: >Changes: > >1) This patch fixes the problem of Cookie class assuming Netscape = cookie format per default. With this fix RFC 2109 compliant validation = applies unless the cookie version is explicitly set to 0 (Netscape = cookie draft) > >2) I have also taken liberty in heavily refactoring the Cookie.parse() = method=20 >- I have tried to restructure the code by separating parsing and = validation processes. The code is a bit more modular now >- I have improved (or so I'd like to hope) exception handling and = logging, which was next to awful, at least in my humble opinion. Stuff = should be more consistent now >- The code should have gotten somewhat cleaner. (Code clarity is a = subjective matter, though, so critique is always welcome) > >All unit tests run fine, however I sense more testing may be needed.=20 > >Let me know what you think > >Oleg > > > > > > >-----Original Message----- >From: Oleg Kalnichevski [mailto:o.kalnichevski@dplanet.ch] >Sent: Thursday, November 28, 2002 22:03 >To: Commons HttpClient Project >Subject: Re: Special domains as defined by Netscape do not seem to >make much sense (Cookies of all countries, unite!!!) > > >Brett, >You are absolutely right. Cookies with version attribute set to 0 = should >still be treated in accordance with the Netscape's draft. The problem = is >that currently the HttpClient assumes cookie version 0 per default. = That >is the cause of the problem. I believe unless version 0 is explicitly >specified cookie format should be assumed conforming to the RFC 2109. >That's it. That will solve the problem. Anyone sees that differently? > >Oleg > > >On Thu, 2002-11-28 at 20:30, Brett Knights wrote: > =20 > >>>From: "Danny Burkes" >>>It seems clear to me that HttpClient should conform to RFC2109, >>> =20 >>> >>which >> =20 >> >>>superceded Netscape's draft. Section 4.3.2 of RFC2109 clearly lays >>> =20 >>> >>out the >> =20 >> >>>rules of cookie rejection, and HttpClient should implement to those >>> =20 >>> >>rules. >> =20 >> >>>IMHO, Netscape's draft is just some old cruft, and you shouldn't >>> =20 >>> >>worry about >> =20 >> >>>it. Stick to the RFC. >>> =20 >>> >>I haven't read the whole of rfc2109 but it does say that cookies >>complying with it are version 1 cookies and should contain a version >>field identifying it as such. >> >>The netscape spec is for version 0 cookies. >> >>If rfc 2109 is a cleaned up superset of the netscape spec then by all >>means ignore the netscape spec. >>If, however, the netscape spec defines different behaviour then you >>should still conform to the netscape spec for version 0 cookies except >>in the case where it is clearly wrong or doesn't reflect a commonly >>accepted practise (the case here) >> >> >> >>-- >>To unsubscribe, e-mail: = >>For additional commands, e-mail: = >> =20 >> >>-----------------------------------------------------------------------= - >> >>-- >>To unsubscribe, e-mail: = >>For additional commands, e-mail: = >> -- To unsubscribe, e-mail: = For additional commands, e-mail: =