hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Liang Sun (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1006) BrowserCompatSpec: don't trim " around cookie value
Date Tue, 07 Feb 2012 13:48:59 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202377#comment-13202377

Liang Sun commented on HTTPCLIENT-1006:

According to RFC2109, 
   word            =       token | quoted-string
the value can be quoted  string.

In the History Chapter:

In Netscape's original proposal, the values in attribute-value pairs
   did not accept "-quoted strings.  Origin servers should be cautious
   about sending values that require quotes unless they know the
   receiving user agent understands them (i.e., "new" cookies).  A
   ("new") user agent should only use quotes around values in Cookie
   headers when the cookie's version(s) is (are) all compliant with this
   specification or later.

That means the value can be quoted string if you consider your clients all use "new" cookies.
Actually, we have been using "new" cookies for a long time. So that's not a problem.

I agree with Marc. and consider this is bug. Actually, we frustrated due to this bug. Fortunately,
we found it at last.
> BrowserCompatSpec: don't trim " around cookie value
> ---------------------------------------------------
>                 Key: HTTPCLIENT-1006
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1006
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>    Affects Versions: 4.0.2
>            Reporter: Marc Guillemot
> If the server sends a cookie header like:
> Set-Cookie: first="hello world"
> then HttpClient parses it as cookie with value >hello world<, wrongly removing
the leading and trailing quotes. The incorrect quote removal occurs in BasicHeaderValueParser.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message