tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Cookie issues
Date Wed, 11 Nov 2009 21:45:29 GMT
Remy Maucherat wrote:
> Hi,
> 
> I think cookies are still broken, and this is getting more and more
> complex. The apparent issue is that the parser applies v1 parsing rules
> when parsing v0 cookies (which are generated using a much more lenient
> character exclusion), resulting in cookies that cannot be parsed back.
> 
> A simple example is a regular cookie session (!), where the path cannot
> even be parsed back ('/' is now in the "specials" list).
> 
> Maybe we could parse as v0, and validate the bytes if the cookie turned
> out to be v1 ?

I really do loath cookies right now. I've pulled the proposed patches for 5.5.x
and 6.0.x until I (or someone else) can take a look at this.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message