tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49000] Cookie parsing bug when an empty value has an equal sign on the end
Date Tue, 14 Dec 2010 22:48:32 GMT

--- Comment #9 from Henri Yandell <> 2010-12-14 17:48:27 EST ---
I'm poorly explaining.

Tomcat is happy with all of the following:

Cookie: fred=1; jim=2; bob
Cookie: fred=1; jim=2; bob; george=3
Cookie: fred=1; jim=2; bob=; george=3

It isn't happy with:

Cookie: fred=1; jim=2; bob=

Looking at logs, I can see that IE6, IE7 and IE8 all sends the bob= type
entries. Generally this is fine, unless it's the last item in the semi-colon
delimited list, in which case Tomcat drops the cookie entry.

I agree with everything said - if name and value are mandatory then none of the
above should be accepted. However, the current Tomcat functionality is such
that 3/4 of the options are accepted and anyone relying on this is going to
have a very confusing feature where IE traffic sporadically drops a cookie.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message