Return-Path: 
 <dev-return-87138-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: (qmail 8300 invoked from network); 10 Feb 2008 01:40:03 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 10 Feb 2008 01:40:03 -0000
Received: (qmail 24148 invoked by uid 500); 10 Feb 2008 01:39:50 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 24084 invoked by uid 500); 10 Feb 2008 01:39:49 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 24073 invoked by uid 99); 10 Feb 2008 01:39:49 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2008 17:39:49 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [72.22.94.67] (HELO virtual.halosg.com) (72.22.94.67)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Feb 2008 01:39:05 +0000
Received: (qmail 16031 invoked from network); 9 Feb 2008 19:30:48 -0600
Received: from 72-19-171-38.static.mesanetworks.net (HELO ?192.168.3.102?)
 (72.19.171.38)
  by halosg.com with SMTP; 9 Feb 2008 19:30:48 -0600
Message-ID: <47AE55D5.70608@hanik.com>
Date: Sat, 09 Feb 2008 18:39:33 -0700
From: Filip Hanik - Dev Lists <devlists@hanik.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Tomcat Developers List <dev@tomcat.apache.org>
Subject: Re: Cookies are broken in 6.0.16?
References: <5245102a0802082243u1c75eb0fl77dee2f5e5d45ad7@mail.gmail.com>
	 <47ADA4AC.2080302@apache.org>
	 <1202596086.4884.3.camel@localhost.localdomain>
	 <47AE33D5.3000301@hanik.com>
 <1202604089.4884.13.camel@localhost.localdomain>
In-Reply-To: <1202604089.4884.13.camel@localhost.localdomain>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

Remy Maucherat wrote:
> On Sat, 2008-02-09 at 16:14 -0700, Filip Hanik - Dev Lists wrote:
>   
>> no regression, if you do this
>>
>>   c = new javax.servlet.http.Cookie("abcv1","123==");
>>   c.setVersion(1);
>>   response.addCookie(c);
>>
>> then it works just fine.
>>
>> however, if you do
>>   c = new javax.servlet.http.Cookie("abcv0","123==");
>>   response.addCookie(c);
>>
>> then it doesn't. if we encode it, (which we did at our first attempt for 
>> v0 cookies) we actually don't pass the TCK.
>> only v1 cookies should be double quoted, in previous versions of tomcat, 
>> I believe everything got double quoted, regardless of version on the cookie.
>>
>> v0 cookies, the spec says
>>
>> /NAME/=/VALUE/
>>     This string is a sequence of characters excluding semi-colon, comma
>>     and white space. If there is a need to place such data in the name
>>     or value, some encoding method such as URL style %XX encoding is
>>     recommended, though no encoding is defined or required.
>>
>> the problem was that encoding wasn't defined nor required. so when we 
>> followed the spec, and added %XX encoding, TCK tests failed.
>>
>> at this point I would say, we handle cookies correctly. if one needs == 
>> at the end of the cookie, then they need to use v1 cookies, according to 
>> spec
>>     
>
> I find the regressions caused by the new behavior problematic, and it
> will cause lots of problems with existing applications, since the
> default cookie version used is version 0.
>
> As I'm the only one complaining at the moment, I think I'll take my
> concerns elsewhere, no problem, I get the idea :) Obviously, when I say
> "encoding", I am not talking about quoting the whole value (or name) as
> was done before.
>   
as always, I'm open to suggestions. it'd be easier if you suggested 
something.

here is the javadoc for the servlet spec


      setValue

public void *setValue*(String <http://java.sun.com/j2se/1.5/docs/api/java/lang/String.html> newValue)

    Assigns a new value to a cookie after the cookie is created. If you
    use a binary value, you may want to use BASE64 encoding.

    With Version 0 cookies, values should not contain white space,
    brackets, parentheses, equals signs, commas, double quotes, slashes,
    question marks, at signs, colons, and semicolons. Empty values may
    not behave the same way on all browsers.

    *Parameters:*
        |newValue| - a |String| specifying the new value
    *See Also:*
        |getValue()|
        <http://java.sun.com/javaee/5/docs/api/javax/servlet/http/Cookie.html#getValue%28%29>,
        |Cookie|
        <http://java.sun.com/javaee/5/docs/api/javax/servlet/http/Cookie.html>


I guess we could throw a run time exception if the value contained any 
of those. other than that, I'm not sure how to behave

Filip

> Rémy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org