tomcat-dev mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Update of "Cookies" by jboynes
Date Fri, 03 Jan 2014 18:42:08 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Cookies" page has been changed by jboynes:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=14&rev2=15

  ||Domain||String, per RFC2109||domain=DOMAIN_NAME||"Domain" "=" value||"Domain=" domain-value||
  ||Path||String, per RFC2109||path=PATH||"Path" "=" value||"Path=" path-value||
  ||Secure||boolean||secure||"Secure"||"Secure"||
- ||HttpOnly||boolean||N/A||N/A||"HttpOnly"||
+ ||!HttpOnly||boolean||N/A||N/A||"!HttpOnly"||
  ||Expires||N/A||expires=DATE as "Wdy, DD-Mon-YYYY HH:MM:SS GMT"||N/A||"Expires=" sane-cookie-date||
  ||Max-Age||int in seconds||N/A||"Max-Age" "=" value||"Max-Age=" non-zero-digit *DIGIT||
  ||Comment||String||N/A||"Comment" "=" value||allowed by extension||
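Review bot: In the HttpOnly row, the added "!" is MoinMoin's escape that suppresses CamelCase auto-linking, but in the last column it sits inside the quoted literal ("!HttpOnly"), so a reader of the raw markup or of this notification can take it for part of the attribute name. Consider marking literal tokens as monospace text instead, so the cell reads "HttpOnly" in both the source and the rendered page.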
@@ -40, +40 @@

  ||Extension||N/A||N/A||N/A||any CHAR except CTLs or ";"||
  
  === Current Implementation ===
- TODO: write up
+ ==== Cookie ====
+ The constructor of javax.servlet.http.Cookie will throw an !IllegalArgumentException if
any of the following conditions are met:
+  * name is null or zero length
+  * if name is not a token
+  * if name equalsIgnoreCase any of "Comment" "Discard" "Domain" "Expires" "Max-Age" "Path"
"Secure" "Version"
+  * if name startsWith "$"
+ 
+ By default, a token comprises characters 0x21..0x7E except comma, semicolon and space. If
STRICT_NAMING is true, then token also excludes characters from "()<>@,;:\\\"[]?={}
\t" which corresponds to RFC2616 separators without "/" (i.e. "/" is allowed); if FWD_SLASH_IS_SEPARATOR
is true than "/" is also excluded. These properties will default to true if STRICT_SERVLET_COMPLIANCE
is true.
+ 
+  Issues:: 
+  :: the "!HttpOnly" attribute is not covered by the check
+  :: by default, a "=" character is allowed in a name (browsers treat the name as everything
up to the first equals)
+ 
+ No checks are made in any of the other setters.
+ 
+ The domain value is converted to lower case (per Locale.ENGLISH) when set as "IE allegedly
needs this."
+ 
+ ==== HttpServletRequest ====
+ TODO: document this
+ 
  === Proposed Implementation ===
  TBD
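Review bot: In the token paragraph, "characters 0x21..0x7E except comma, semicolon and space" names space as an exception although 0x20 already lies outside the stated range, so either the range or the exception list needs correcting. The separator set is given as an escaped string ("()<>@,;:\\\"[]?={} \t"), which leaves the reader to work out which backslashes are literal; listing the characters individually would be unambiguous. Smaller points: "is true than" should read "is true then", and the bullets under "if any of the following conditions are met" mix items with and without a leading "if".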
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

