tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Cookies are broken in 6.0.16?
Date Tue, 12 Feb 2008 08:56:58 GMT
Sven Köhler wrote:
>> The difficulty here is that although '=' is the delimiter between NAME and
>> VALUE there is no need to encode it if it appears in the name or the value.
>> This causes some ambiguities when parsing a header of the form:
>> Set-Cookie: foo=bar=bartoo
>>
>> Is the name 'foo' or 'foo=bar'? Is the value 'bar=bartoo' or 'bartoo'?
>>
>> The changes to the cookie parsing mean the second '=' and any text beyond
>> it are now ignored.
>>     
>
> !???
>
> By instinct, i would have chosen the first = to split the string into
> NAME and VALUE.
>
> Why have you chosen the second = or maybe eben the last = occuring in
> the cookie-string?
>
> Actually, the spec doesn't disagree with chosing any of the = ...
> But some users have supplied some reasonable arguments (base64 is
> padding with =, etc.) to rather chose the first = over the other ones.
>   
in that case, the user should use v1 cookies :)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message