tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Cookie.setDomain should throw exception with bad domain arg?
Date Mon, 03 Mar 2003 14:00:06 GMT
In the javadocs, Cookie.setDomain() says:
The form of the domain name is specified by RFC 2109.

Where RFC 2109 says:
       Optional.  The Domain attribute specifies the domain for which the
       cookie is valid.  An explicitly specified domain must always start
       with a dot.

And the code for setDomain() - for tomcat 4,5:
     public void setDomain(String pattern) {
	domain = pattern.toLowerCase();	// IE allegedly needs this

Shouldn't an exception be thrown since the incoming domain is not RFC 
2109 compliant?  But that may break a lot of code. (including mine) I 
discovered this accidently when HttpClient yelled at me when my 
webserver was passing bad domains back.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message