From: Remy Maucherat
To: Tomcat Developers List
Date: Sun, 10 Feb 2008 11:25:23 +0100
Subject: Re: Cookies are broken in 6.0.16?

Filip Hanik - Dev Lists wrote:
> Jim Manico wrote:
>> > I guess we could throw a run time exception if the value contained any of those. other than that, I'm not sure how to behave
>>
>> I think this is the best case scenario for v0 cookies. Perhaps, if you
>> really want to get fancy, you can add a flag to let legacy solutions
>> roll back to the old/non-standard cookie handling methodology?
> no, we won't do that. we fixed the cookie behavior in this release due to
> security issues filed against the old parsing.

The security issue only exists because of a fundamentally broken servlet in the examples, and assumes the user will click on a URL. That's not what I call a security problem.

Rémy