tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <>
Subject Re: Cookies are broken in 6.0.16?
Date Sun, 10 Feb 2008 22:42:36 GMT
Remy Maucherat wrote:
> On Sun, 2008-02-10 at 11:17 -0700, Filip Hanik - Dev Lists wrote:
>> Remy Maucherat wrote:
>>> On Sun, 2008-02-10 at 11:44 -0500, Jim Manico wrote:
>>>> Filip - you are 100% correct on this thread. Are you basically the 
>>>> traffic cop guarding the core of Tomcat?
>>> I understand, you are not impacted by the behavior change, and as a
>>> result this allows you to be "fair", I suppose. The issue is that the
>>> behavior of Tomcat has been different, in all prior releases, and
>>> changing it of all a sudden without any configuration capability because
>>> it feels nice to play "spec lawyer" is wrong to me. Similar decisions
>>> have been made in the past, and this did cause problems, it's simply
>>> faster to add the appropriate options right away.
>> what about my suggestion, to add a flag to default to v1 cookies. they 
>> get quoted and old behavior will continue to work.
> This is the sort of configuration option which seems appropriate.
essentially, browsers treated our previous v0 cookies as v1 when we 
quoted them.
question, obviously it would be easiest for us to put the global flag in 
the javax.servlet.http.Cookie class directly
-private int version = 0;    // ;Version=1 ... means RFC 2109++ style
+private int version = 
// ;Version=1 ... means RFC 2109++ style

Would this be ok, given its a spec class? or do we have to leave this 
class untouched and modify it elsewhere, in which case it'd be more of a 


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message