httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r686809 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
Date Wed, 20 Aug 2008 03:40:53 GMT
Different issue; different response.

Bill Barker wrote:
> "Nick Kew" <nick@webthing.com> wrote in message 
>> -1.  Semicolon is a perfectly valid character in a session-id, so that
>> risks breaking other apps.  The fact that Tomcat treats it as a
>> separator doesn't commit other appservers to do the same.
> 
> No, an un-escaped semicolon is a reserved character by RFC 2396, section 
> 2.2.  Since RFC 2616 section 3.2.1 uses 2396 as a reference, then an 
> un-escaped semicolon isn't valid in a session-id.

No, reserved characters are ***perfectly acceptable*** in the uri without
escaping; c.v.

2. URI Characters and Escape Sequences

    URI consist of a restricted set of characters, primarily chosen to
    aid transcribability and usability both in computer systems and in
    non-computer communications. Characters used conventionally as
    delimiters around URI were excluded.  The restricted set of
    characters consists of digits, letters, and a few graphic symbols
    were chosen from those common to most of the character encodings and
    input facilities available to Internet users.

       uric          = reserved | unreserved | escaped


...
       reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                     "$" | ","

...
       unreserved  = alphanum | mark

       mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

Mime
View raw message