tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sven Köhler <>
Subject Re: Cookies are broken in 6.0.16?
Date Tue, 12 Feb 2008 00:24:50 GMT
> The difficulty here is that although '=' is the delimiter between NAME and
> VALUE there is no need to encode it if it appears in the name or the value.
> This causes some ambiguities when parsing a header of the form:
> Set-Cookie: foo=bar=bartoo
> Is the name 'foo' or 'foo=bar'? Is the value 'bar=bartoo' or 'bartoo'?
> The changes to the cookie parsing mean the second '=' and any text beyond
> it are now ignored.


By instinct, i would have chosen the first = to split the string into

Why have you chosen the second = or maybe eben the last = occuring in
the cookie-string?

Actually, the spec doesn't disagree with chosing any of the = ...
But some users have supplied some reasonable arguments (base64 is
padding with =, etc.) to rather chose the first = over the other ones.

View raw message