DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=15576>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=15576
IllegalArgumentException during adding a cookie
------- Additional Comments From opus@aracnet.com 2004-06-10 19:26 -------
William, I went ahead and re-read the RFC. After doing some investigation, I
now agree and disagree with you.
According to RFC 2109 found at, http://www.faqs.org/rfcs/rfc2109.html, section
4.2.2 Set-Cookie Syntax:
The syntax for the Set-Cookie response header is
set-cookie = "Set-Cookie:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" cookie-av)
NAME = attr
VALUE = value
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT
According to the general syntax in the same RFC:
The two state management headers, Set-Cookie and Cookie, have common syntactic
properties involving attribute-value pairs. The following grammar uses the
notation, and tokens DIGIT (decimal digits) and token (informally, a sequence
of non-special, non-white space characters) from the HTTP/1.1 specification
[RFC 2068] to describe their syntax.
av-pairs = av-pair *(";" av-pair)
av-pair = attr ["=" value] ; optional value
attr = token
value = word
word = token | quoted-string
Attributes (names) (attr) are case-insensitive. White space is permitted
between tokens. Note that while the above syntax description shows value as
optional, most attrs require them.
So the value in the cookie can either be a token or a quoted-string.
According to RFC found at http://www.faqs.org/rfcs/rfc2068.html tokens are
defined as:
Token = 1*<any CHAR except CTLs or tspecials>
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT ”
According to RFC found at http://www.faqs.org/rfcs/rfc2068.html quoted-strings
are defined as:
A string of text is parsed as a single word if it is quoted using double-quote
marks.
quoted-string = ( <"> *(qdtext) <"> )
qdtext = <any TEXT except <">>
According to RFC found at http://www.faqs.org/rfcs/rfc2068.html TEXT is defined
as:
The TEXT rule is only used for descriptive field contents and values that are
not intended to be interpreted by the message parser. Words of *TEXT may
contain characters from character sets other than ISO 8859-1 [22] only when
encoded according to the rules of RFC 1522 [14].
TEXT = <any OCTET except CTLs, but including LWS>
According to RFC found at http://www.faqs.org/rfcs/rfc2068.html CTLs, CRLF, CR,
LF, SP, HT, and LWS are defined as:
CTL = <any US-ASCII control character
(octets 0 - 31) and DEL (127)>
CR = <US-ASCII CR, carriage return (13)>
LF = <US-ASCII LF, linefeed (10)>
SP = <US-ASCII SP, space (32)>
HT = <US-ASCII HT, horizontal-tab (9)>
CRLF = CR LF
LWS = [CRLF] 1*( SP | HT )
Since commas and semicolons are part of the ISO 8859-1 they are allowed in
quoted-strings, hence they should be allowed to be in cookie values.
Please provide me your reasoning next time you inform me that I am wrong.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
|