tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maik Jablonski" <maik.jablon...@gmail.com>
Subject Re: Cookies are broken in 6.0.16?
Date Sat, 09 Feb 2008 16:42:30 GMT
On Feb 9, 2008 2:03 PM, Mark Thomas <markt@apache.org> wrote:
> It is neither. The changes are documented in the change log. As a result of
> a couple of minor security issues (see
> http://tomcat.apache.org/security-6.html) the cookie handling code has been
> tightened up to make it spec compliant.

Hi Mark,

thanks for the good explanation, I'm fine with it, but maybe some
explicit note about this change of behaviour will help people from
running into trouble after an upgrade to 6.0.16... at least I wasn't
able to detect this change from the URL mentioned above or the
Tomcat-changelog.

Just as an example: I'm using some BASE64-encoded strings, which I
store in a cookie-value. These strings are padded with equal-signs on
their right by the BASE64-encoding. Depending on the application
changes and resulting problems in the cookie-parsing by Tomcat maybe
hard to detect.

Cheers, Maik

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message