tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: That Cookie thing
Date Mon, 01 Jul 2002 12:29:06 GMT
http://wp.netscape.com/newsref/std/cookie_spec.html
   OR
http://www.ietf.org/rfc/rfc2109.txt
   OR
http://www.ietf.org/rfc/rfc2965.txt

PATH=path
Optional. The Path attribute specifies the subset of URLs to which this 
cookie applies.

John Baker wrote:
> On Monday 01 July 2002 13:16, peter lin wrote:
> 
>>that's the problem with assumptions :)
>>
>>Actually I believe the W3C spec says the path will default to directory
>>the pages resides in. So that page /hello/greeting.jsp will have
>>"/hello" as the path.  Only files under "/hello" can read the cookie.
>>Atleast that's my understanding of how cookie path is supposed to be
>>set.  Some one correct me if I am wrong.
> 
> 
> Well a reliable source tells me that there is no w3c spec for Cookies, and 
> infact the concept was conjured by Netscape. There is an RFC spec for 
> Cookies, but it's largely ignored.
> 
> So as the useful browsers out there ignore Cookie requests without a path, it 
> might be handy to add it by default so other people don't spend an hour or 
> two sitting there thinking "Why doesn't this work?". The current context path 
> would be handy, so the response code could look like this:
> 
> public void addCookie(Cookie c)
> {
> 	// whatever
> 	if (c.getPath() == null)
> 		c.setPath(getContextPath());
> 	// etc
> }
> 
> Just a thought :)
> 
> 
> 
>>peter
>>
>>John Baker wrote:
>>
>>>On Monday 01 July 2002 12:59, peter lin wrote:
>>>
>>>>if you want the cookies to be readable by all pages, you should set it
>>>>to "/".  That's standard practice. Also, if you have multiple webserver
>>>>with names like www1, www2, www3....., you should also set the cookie
>>>>to use yourbiz.com.
>>>
>>>I know this ;-) But I'd forgotten to put the / there, and assumed the
>>>browser would assume this if no / was passed to it. However they don't,
>>>so I was suggesting that if a Cookie has no path set then one should be
>>>written by default as a totally useless header is currently written in
>>>the form:
>>>
>>>Set-Cookie: someName=someValue; expires....
>>>
>>>and due to the lack of a path, every browser ignores it.
>>
> 



--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message