tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Cookie issues
Date Wed, 11 Nov 2009 21:45:29 GMT
Remy Maucherat wrote:
> Hi,
> I think cookies are still broken, and this is getting more and more
> complex. The apparent issue is that the parser applies v1 parsing rules
> when parsing v0 cookies (which are generated using a much more lenient
> character exclusion), resulting in cookies that cannot be parsed back.
> A simple example is a regular cookie session (!), where the path cannot
> even be parsed back ('/' is now in the "specials" list).
> Maybe we could parse as v0, and validate the bytes if the cookie turned
> out to be v1 ?

I really do loath cookies right now. I've pulled the proposed patches for 5.5.x
and 6.0.x until I (or someone else) can take a look at this.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message