tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject TC3: Cookies ( and RFCs )
Date Fri, 01 Dec 2000 05:25:07 GMT

I started to rewrite the cookie handling for 3.3, and I found some
incredible things.

First, using "Set-Cookie2:" for v1 cookies ( what's what tomcat3.2
does) is correct according to the latest spec ( RFC2965 ). But so far I
found only one browser that recognize this cookie - Lynx. MSIE5,
Netscape4.x and Netscape6 are just ignoring the header. 

Another problem is that the requires the old spec ( RFC 2109).

To support the Servlet spec ( that asks for 2109 ) we need to go back
to the old RFC, and use the Set-Cookie header for Version=1 Cookies ( and
remove Discard - invalid in 2109 ). It seems 2109 is also
unsupported by IE5, Netscape4 and 6 - and again seems to work with lynx...

The problem with 2109 is that older versions of MSIE do not support it,
and probably other browsers will fail too.

Please, if you have any idea or more experience with Cookies, please help.

The options are:

- stick with the current Set-Cookie2 header. This is the latest ( current
) cookie spec, and I don't think future browsers will implement the
obsoleted spec. 

- use RFC2109.  The current ( and it seems servlet 2.3 is
similar ) doesn't support the new features of 2965 ( port, discard ),
and using 2109 is more "compatible" with the servlet specs. 

I would prefer the first choice - at least it'll not brake older brosers
and it may work with future browsers. The second choice doesn't work with
old or current browsers, and it's not likely to be supported in future. 

For the internal ( core ) representation, we should support the new 2965
attributes anyway.

What do you think? Is anyone using V1 cookies ?



View raw message