hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Commas in Cookie Value
Date Wed, 18 Jun 2003 21:21:32 GMT
This is a well known issue. According to the RFC 2109 comma is
considered a spacial character. Cookie values that contain special
characters MUST be in a quoted string. Please refer to the following bug
report for more details:


The cookie below clearly violates the RFC 2109 spec, hence the parsing

Unfortunately, so called mainstream browsers have fairly lousy standards
compliance record when it comes to cookies. IE as well Mozilla do accept
cookie values with special characters in an unquoted string. The problem
is that our compatibility cookie policy does not mimic such behaviour as
yet. That will change in 2.1 release. So, stay tuned.



On Wed, 2003-06-18 at 18:26, Ron Tower wrote:
> Hello All,
> Is there a problem when  a comma appears in a cookie value? See 02109POS below. It has
a comma in the value and is split into two cookies. IE at least parses this cookie as one
cookie. Is there a workaround for this?
> My understanding is that a cookie value can have any character other than a semicolon,
space, or tab.
> I got the following Set-Cookie headers:
> [DEBUG] wire - -<< "Set-cookie: CDSContentDistributor=137169; expires=Tuesday,
17-Jun-03 20:52:01 GMT; path=/[\r][\n]"
> [DEBUG] wire - -<< "Set-cookie: 02109POS=<www4210513143792642538,>; domain=.fidelity.com;
path=/; expires=Fri, 12-Sep-2003 00:00:00 GMT;[\r][\n]"
> [DEBUG] wire - -<< "Set-cookie: MC=clHza1XIKW50aXo3nr5LD3gDFYMSAiWYtqihBBHXpfPA37wNqncGBAAAAQAGBT7vfRkAP03;
expires=Monday, 15-Sep-2003 20:42:01 GMT; domain=.fidelity.com; path=/[\r][\n]"
> And HttpClient sent the following Cookies:
> [DEBUG] wire - ->> "Cookie: $Version=0; CDSContentDistributor=137169; $Path=/[\r][\n]"
> [DEBUG] wire - ->> "Cookie: $Version=0; 02109POS=<www4210513143792642538[\r][\n]"
> [DEBUG] wire - ->> "Cookie: $Version=0; >=; $Domain=.fidelity.com; $Path=/[\r][\n]"
> [DEBUG] wire - ->> "Cookie: $Version=0; MC=clHza1XIKW50aXo3nr5LD3gDFYMSAiWYtqihBBHXpfPA37wNqncGBAAAAQAGBT7vfRkAP03;
$Domain=.fidelity.com; $Path=/[\r][\n]"
> Thanks,
> Ron Tower

View raw message