tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51138] Cookies with colons in the cookie value are read incorrectly
Date Sun, 01 May 2011 09:39:54 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51138

Mark Thomas <markt@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #1 from Mark Thomas <markt@apache.org> 2011-05-01 09:39:54 UTC ---
Colon's in cookie values are invalid as per rfc2109, rfc2068, rfc2965, rfc2616
and the Servlet specification.

A superficial reading of the v0 cookie specification suggests colons would be
allowed, however colons are not permitted since that would be a breach of
rfc2068 / rfc2616.

If http://tools.ietf.org/html/draft-ietf-httpstate-cookie-23 was approved and
referenced by a future version of the Servlet specification the colon character
would still be invalid in unquoted cookie values.

*** This bug has been marked as a duplicate of bug 48409 ***

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message