tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Trivial Update of "Cookies" by jboynes
Date Thu, 09 Jan 2014 16:35:28 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Cookies" page has been changed by jboynes:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=25&rev2=26

Comment:
wiki foo

   :: '''Issue:''' The notes below that shaped this proposal have not be checked against a
browser that actually sends a RFC2109 format header.
  
   P3 Do not throw IAE from the parser::
-  :: Invalid syntax will result in a user-data log entry and cookies being dropped rather
than throwing of an IAE. Application impact is that requests with an invalid Cookie header
will now be dispatched to the application. "Dropping a cookie" means an invalid cookie will
not appear in the list returned by HttpServletRequest#getCookies(). An application will still
be able to access the original Cookie header and may perform its own parsing.
+  :: Invalid syntax will result in a user-data log entry and cookies being dropped rather
than throwing of an IAE. Application impact is that requests with an invalid Cookie header
will now be dispatched to the application. "Dropping a cookie" means an invalid cookie will
not appear in the list returned by !HttpServletRequest#getCookies(). An application will still
be able to access the original Cookie header and may perform its own parsing.
  
   P4 Ensure that the cookie header is always available for the application to parse manually.::
-  :: Stop modifying the header in-situ as part of the de-escaping process so that an application
can elect to perform its own parsing by calling getHeader("Cookie"). Eliminate the need for
the PRESERVE_COOKIE_HEADER property that currently controls whether a copy of the header is
made if modifications are needed. Perform de-escaping during the copy needed to convert the
MessageBytes to the String in Cookie#value, possibly during any conversation process needed
to handle UTF-8.
+  :: Stop modifying the header in-situ as part of the de-escaping process so that an application
can elect to perform its own parsing by calling getHeader("Cookie"). Eliminate the need for
the PRESERVE_COOKIE_HEADER property that currently controls whether a copy of the header is
made if modifications are needed. Perform de-escaping during the copy needed to convert the
!MessageBytes to the String in Cookie#value, possibly during any conversation process needed
to handle UTF-8.
  
  === Impact of proposal on existing issues ===
  ||<:10%>'''Issue'''||Impact||

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message