hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25264] - Cookie rejected
Date Tue, 09 Dec 2003 09:13:37 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264

Cookie rejected





------- Additional Comments From olegk@apache.org  2003-12-09 09:13 -------
> I've also noticed that the current domain match implementation matches 
> "y.x.foo.com" with ".foo.com", though this is explicitly disallowed in 
> the RFC.  We need to fix this one for sure.

Mike,
In RFC2109 cookie spec domain match is implemented correctly. However, in
browser compatibility mode I do not think we should change the way domains are
matched, as the RFC compliance was relaxed a year ago precisely in order to
mimic the logic (or lack thereof) of mainstream browsers. Someone even took a
look at Mozilla's source code to double-check on that.

Roland,
I still must have a dormant Sourceforce account. I'll take a closer look at the
Sourceforce login procedure and provide a patch for our browser compatibility
cookie spec if required

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message