tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49000] Cookie parsing bug when an empty value has an equal sign on the end
Date Sun, 04 Apr 2010 15:38:50 GMT

Mark Thomas <> changed:

           What    |Removed                     |Added
           Severity|normal                      |enhancement

--- Comment #2 from Mark Thomas <> 2010-04-04 15:38:49 UTC ---
Hmm. Neither of those two cookies are valid since both name and value are

Tomcat 6 (and probably earlier) has allowed what is referred to in the code as
name only cookies. I think this is another candidate for a cookie configuration
option in Tomcat 7 (ALLOW_NAME_ONLY_COOKIES ?) that defaults to false and
rejects these invalid cookies.

In terms of what this option does allow, since we are outside the spec, we can
choose what we want to allow and disallow. I quite like the current allow
'name' but not 'name=' as the latter looks like an error whilst the first looks
an attempt to have a name only cookie.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message