tomcat-dev mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Update of "Cookies" by jboynes
Date Fri, 03 Jan 2014 22:29:01 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Cookies" page has been changed by jboynes:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=17&rev2=18

  = Cookies =
  
  == Parsing the Cookie header by Tomcat ==
+ The various specifications define the following formats for the Cookie header sent by the
user-agent:
+ ||'''Specification'''||'''Format of Cookie header'''||
+ ||Netscape||{{{Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...}}}||
+ ||RFC2109||{{{"Cookie:" "$Version" "=" value 1*((";" | ",") cookie-value)}}}||
+ ||RFC6265||{{{"Cookie:" OWS cookie-pair *( ";" SP cookie-pair ) OWS}}}||
+ 
+ Chrome-31, Firefox-26, Firefox Aurora-28, Internet Explorer-11 and Safari-7.01 all send
a single header in Netscape/RFC6265 format with name=value pairs separated by semicolon and
space. The name and value correspond to whatever was stored in the browser when the "Set-Cookie"
header was parsed. These may contain commas, spaces, other separators or 8-bit characters.
+ 
+ None of them add any of the "$" attributes ("$Version" "$Domain" or "$Path) from RFC2109
and specifically do not send the leading "$Version" attribute that is part of that specification's
syntax. All except Safari support a unnamed "value-only" cookie that is sent as is (without
a name or "="); i.e. a unnamed cookie with value "foo" (including quotes) is sent as the line:
+ {{{
+ Cookie: "foo"
+ }}}
+ 
+ When set through !JavaScript, any Unicode codepoints in the text are encoded as UTF-8 in
the header. For example, in Chrome the statement {{{document.cookie = "foo=b\u00e1r";}}} will
result in a header containing the octets
+ {{{
+ 43 6f 6f 6b 69 65 3a 20 66 6f 6f 3d 62 c3 a1 72
+ }}}
+ showing codepoint U+00E1 being converted to its UTF-8 equivalent 0xC3 0xA1. This matches
the behaviour defined by [[http://www.w3.org/html/wg/drafts/html/master/single-page.html#cookie|HTML5.]]
  
  ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet
+ Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
  ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed.||
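Review bot: The UTF-8 paragraph states a general rule ("any Unicode codepoints in the text are encoded as UTF-8") but backs it only with the Chrome example. The earlier paragraph lists five browsers, so either say that all of them produce the `c3 a1` octets or limit the claim to Chrome. This matters for the 0x80 to 0xFF table row that follows, because those are the octets the current behaviour rejects with IAE. Two small text fixes in the same hunk: `"$Path)` is missing its closing quote, and "a unnamed" should read "an unnamed" in both places.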
@@ -95, +113 @@

  TEXT           = <any OCTET except CTLs, but including LWS>
  rfc1123-date   = wkday "," SP date1 SP time SP "GMT"
  }}}
+ == RFC2109 definitions ==
+ {{{
+ cookie-value   = NAME "=" VALUE [";" path] [";" domain]
+ }}}
  == RFC6265 definitions ==
  {{{
+ cookie-pair       = cookie-name "=" cookie-value
  cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
  cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
  domain-value      = <subdomain> ; defined in [RFC1034], Section 3.5, as enhanced by
[RFC1123], Section 2.1
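Review bot: The name `cookie-value` is now defined in both sections with different meanings: under RFC2109 it is the whole `NAME "=" VALUE` pair plus optional path and domain, while under RFC6265 it is only the right-hand side of `cookie-pair`. Add a sentence under the RFC2109 heading saying so, so that a reader comparing the two grammars does not read the RFC6265 `cookie-octet` restrictions into the RFC2109 rule. The new `cookie-pair` line also refers to `cookie-name`, and the RFC2109 rule to `path` and `domain`, none of which are defined in the lines shown here; include them or point to where they are defined.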

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

