tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Cookie issues
Date Fri, 13 Nov 2009 14:39:57 GMT
Remy Maucherat wrote:
> On Thu, 2009-11-12 at 16:03 -0500, Mark Thomas wrote:
>> I've done some more digging and I think I have found what was causing this. I'll
>> have a fix for trunk shortly and (after some testing) I'll re-propose.
> No, what I meant is that, if you want to go the strict route and use '/'
> as a separator as well, the behavior is bad. If you create a session
> cookie, it will be v0 and will have a path like: $Path=/somepath in it.
> The path value cannot be parsed back (enable debug logging to see it).

Yep, that is one of the issues I had found. Generally, using / as a separator is
going to be bad but I don't see the harm in providing it as an option for those
folks that, for whatever reason, what to strictly adhere to the specs.

I think the changes I have made / still want to make to the cookie handling in
Tomcat 7 have got to the point where back-porting them to 6.0.x and 5.5.x is a
bad idea. I am leaning towards just proposing the following:
- remove single quotes from the separator list
- allowing = in v0 cookie values
and keep the remaining changes to Tomcat 7. Porting the full set of changes back
is going to get really messy since we'll need to maintain API compatibility and
there is a reasonable amount of clean-up and simplification that can be done if
the API is changed a little (single copy of constants, remove unused methods, etc)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message