tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Update of "Cookies" by markt
Date Wed, 01 Jan 2014 17:00:14 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=8&rev2=9

Comment:
Add some notes on separators and expires/max-age

  == Parsing the Cookie header by Tomcat ==
  
  ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet
+ Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
- ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed||
+ ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed.||
  ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug
55918]])||Allowed||TBD||Not allowed.||Not allowed.||
- ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug
55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are not part of
value||
+ ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug
55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes are not part
of value.||
  ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug
55921]])||TBD||TBD||TBD||TBD||
  ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous.
RFC2109 requires quoting.||Allowed.||
- ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||TBD||TBD||
- ||Always add expires||Enabled by default. Disabled by property.||TBD||TBD||TBD||
+ ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes
except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon,
comma and whitespace, double-quote and backslash.||
+ ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires.
RFC2109 uses Max-Age.||Allows either, none or both.||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD||
  ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD||
  ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD||

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message