tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49000] Cookie parsing bug when an empty value has an equal sign on the end
Date Tue, 14 Dec 2010 22:48:32 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49000

--- Comment #9 from Henri Yandell <hyandell@amazon.com> 2010-12-14 17:48:27 EST ---
I'm poorly explaining.

Tomcat is happy with all of the following:

Cookie: fred=1; jim=2; bob
Cookie: fred=1; jim=2; bob; george=3
Cookie: fred=1; jim=2; bob=; george=3

It isn't happy with:

Cookie: fred=1; jim=2; bob=

Looking at logs, I can see that IE6, IE7 and IE8 all sends the bob= type
entries. Generally this is fine, unless it's the last item in the semi-colon
delimited list, in which case Tomcat drops the cookie entry.

I agree with everything said - if name and value are mandatory then none of the
above should be accepted. However, the current Tomcat functionality is such
that 3/4 of the options are accepted and anyone relying on this is going to
have a very confusing feature where IE traffic sporadically drops a cookie.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message