tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15576] - IllegalArgumentException during adding a cookie
Date Thu, 10 Jun 2004 19:26:54 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=15576>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=15576

IllegalArgumentException during adding a cookie





------- Additional Comments From opus@aracnet.com  2004-06-10 19:26 -------
William, I went ahead and re-read the RFC. After doing some investigation, I 
now agree and disagree with you.

According to RFC 2109 found at, http://www.faqs.org/rfcs/rfc2109.html, section 
4.2.2 Set-Cookie Syntax:

The syntax for the Set-Cookie response header is

set-cookie	=       "Set-Cookie:" cookies
cookies		=       1#cookie
cookie		=       NAME "=" VALUE *(";" cookie-av)
NAME		=       attr
VALUE		=       value
cookie-av	=       "Comment" "=" value
		|       "Domain" "=" value
		|       "Max-Age" "=" value
		|       "Path" "=" value
		|       "Secure"
		|       "Version" "=" 1*DIGIT

According to the general syntax in the same RFC:

The two state management headers, Set-Cookie and Cookie, have common syntactic 
properties involving attribute-value pairs.  The following grammar uses the 
notation, and tokens DIGIT (decimal digits) and token (informally, a sequence 
of non-special, non-white space characters) from the HTTP/1.1 specification 
[RFC 2068] to describe their syntax.

av-pairs	=       av-pair *(";" av-pair)
av-pair		=       attr ["=" value]        ; optional value
attr		=       token
value		=       word
word		=       token | quoted-string

Attributes (names) (attr) are case-insensitive.  White space is permitted 
between tokens.  Note that while the above syntax description shows value as 
optional, most attrs require them.

So the value in the cookie can either be a token or a quoted-string. 
According to RFC found at http://www.faqs.org/rfcs/rfc2068.html tokens are 
defined as:

          Token		= 1*<any CHAR except CTLs or tspecials>

          tspecials	= "(" | ")" | "<" | ">" | "@"
			| "," | ";" | ":" | "\" | <">
                        | "/" | "[" | "]" | "?" | "="
                        | "{" | "}" | SP | HT ”


According to RFC found at http://www.faqs.org/rfcs/rfc2068.html quoted-strings 
are defined as:

A string of text is parsed as a single word if it is quoted using double-quote 
marks.

quoted-string		= ( <"> *(qdtext) <"> )

qdtext			= <any TEXT except <">>

According to RFC found at http://www.faqs.org/rfcs/rfc2068.html TEXT is defined 
as:

The TEXT rule is only used for descriptive field contents and values that are 
not intended to be interpreted by the message parser. Words of *TEXT may 
contain characters from character sets other than ISO 8859-1 [22] only when 
encoded according to the rules of RFC 1522 [14].

	TEXT	= <any OCTET except CTLs, but including LWS>

According to RFC found at http://www.faqs.org/rfcs/rfc2068.html CTLs, CRLF, CR, 
LF, SP, HT, and LWS are defined as:

	CTL	= <any US-ASCII control character
		  (octets 0 - 31) and DEL (127)>
	CR	= <US-ASCII CR, carriage return (13)>
	LF	= <US-ASCII LF, linefeed (10)>
	SP	= <US-ASCII SP, space (32)>
	HT	= <US-ASCII HT, horizontal-tab (9)>
	CRLF	= CR LF
	LWS	= [CRLF] 1*( SP | HT )


Since commas and semicolons are part of the ISO 8859-1 they are allowed in 
quoted-strings, hence they should be allowed to be in cookie values. 

Please provide me your reasoning next time you inform me that I am wrong.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message