Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 84115 invoked from network); 10 Feb 2008 00:42:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Feb 2008 00:42:03 -0000 Received: (qmail 88743 invoked by uid 500); 10 Feb 2008 00:41:54 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 88676 invoked by uid 500); 10 Feb 2008 00:41:54 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 88663 invoked by uid 99); 10 Feb 2008 00:41:54 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2008 16:41:54 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [212.27.42.64] (HELO smtp7-g19.free.fr) (212.27.42.64) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Feb 2008 00:41:23 +0000 Received: from smtp7-g19.free.fr (localhost [127.0.0.1]) by smtp7-g19.free.fr (Postfix) with ESMTP id A36FE322800 for ; Sun, 10 Feb 2008 01:41:29 +0100 (CET) Received: from [192.168.0.11] (lap34-1-82-224-140-72.fbx.proxad.net [82.224.140.72]) by smtp7-g19.free.fr (Postfix) with ESMTP id 7D4AF3227EE for ; Sun, 10 Feb 2008 01:41:29 +0100 (CET) Subject: Re: Cookies are broken in 6.0.16? From: Remy Maucherat To: Tomcat Developers List In-Reply-To: <47AE33D5.3000301@hanik.com> References: <5245102a0802082243u1c75eb0fl77dee2f5e5d45ad7@mail.gmail.com> <47ADA4AC.2080302@apache.org> <1202596086.4884.3.camel@localhost.localdomain> <47AE33D5.3000301@hanik.com> Content-Type: text/plain; charset=utf-8 Date: Sun, 10 Feb 2008 01:41:29 +0100 Message-Id: <1202604089.4884.13.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.12.3 (2.12.3-1.fc8) Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On Sat, 2008-02-09 at 16:14 -0700, Filip Hanik - Dev Lists wrote: > no regression, if you do this > > c = new javax.servlet.http.Cookie("abcv1","123=="); > c.setVersion(1); > response.addCookie(c); > > then it works just fine. > > however, if you do > c = new javax.servlet.http.Cookie("abcv0","123=="); > response.addCookie(c); > > then it doesn't. if we encode it, (which we did at our first attempt for > v0 cookies) we actually don't pass the TCK. > only v1 cookies should be double quoted, in previous versions of tomcat, > I believe everything got double quoted, regardless of version on the cookie. > > v0 cookies, the spec says > > /NAME/=/VALUE/ > This string is a sequence of characters excluding semi-colon, comma > and white space. If there is a need to place such data in the name > or value, some encoding method such as URL style %XX encoding is > recommended, though no encoding is defined or required. > > the problem was that encoding wasn't defined nor required. so when we > followed the spec, and added %XX encoding, TCK tests failed. > > at this point I would say, we handle cookies correctly. if one needs == > at the end of the cookie, then they need to use v1 cookies, according to > spec I find the regressions caused by the new behavior problematic, and it will cause lots of problems with existing applications, since the default cookie version used is version 0. As I'm the only one complaining at the moment, I think I'll take my concerns elsewhere, no problem, I get the idea :) Obviously, when I say "encoding", I am not talking about quoting the whole value (or name) as was done before. Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org