Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Received-SPF: pass (nike.apache.org: local policy)
Message-ID: <47B15F5A.1090902@hanik.com>
Date: Tue, 12 Feb 2008 08:56:58 +0000
From: Filip Hanik - Dev Lists <devlists@hanik.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Tomcat Developers List <dev@tomcat.apache.org>
Subject: Re: Cookies are broken in 6.0.16?
References: <5245102a0802082243u1c75eb0fl77dee2f5e5d45ad7@mail.gmail.com>
 <47ADA4AC.2080302@apache.org> <foqp0u$tpr$1@ger.gmane.org>
In-Reply-To: <foqp0u$tpr$1@ger.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Sven K�hler wrote:
>> The difficulty here is that although '=' is the delimiter between NAME and
>> VALUE there is no need to encode it if it appears in the name or the value.
>> This causes some ambiguities when parsing a header of the form:
>> Set-Cookie: foo=bar=bartoo
>>
>> Is the name 'foo' or 'foo=bar'? Is the value 'bar=bartoo' or 'bartoo'?
>>
>> The changes to the cookie parsing mean the second '=' and any text beyond
>> it are now ignored.
>>     
>
> !???
>
> By instinct, i would have chosen the first = to split the string into
> NAME and VALUE.
>
> Why have you chosen the second = or maybe eben the last = occuring in
> the cookie-string?
>
> Actually, the spec doesn't disagree with chosing any of the = ...
> But some users have supplied some reasonable arguments (base64 is
> padding with =, etc.) to rather chose the first = over the other ones.
>   
in that case, the user should use v1 cookies :)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org