tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <>
Subject [Tomcat Wiki] Update of "Cookies" by jboynes
Date Sat, 18 Jan 2014 04:21:53 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Cookies" page has been changed by jboynes:

Add link to patch for changes to Cookie

   C5 Allow unnamed cookies in C1b "netscape" mode::
   :: Allow cookies whose name is null or the empty string. Browsers will store a single cookie
that has no name whose value is sent as simply «value» (i.e. without any '=' delimiter).
This would now be supported if STRICT_NAMING is set to "netscape" but would remain disallowed
in "rfc2109" or "rfc6265" modes. If allowed, the Set-Cookie header would contain just the
value (no '=' present and an IAE if value contained an '=') and any such cookie found during
parsing would be included in the result of HttpServletRequest#getCookies().
+ A candidate patch for these Cxx changes can be found here:
+ This follows proposal C1 with the consequence that a "/" is not allowed in a cookie name
by default; to allow that STRICT_NAMING must be set to false (i.e. to "netscape" mode). The
test suite changes are a result of that and with them in place I have verified it still passes.
  === Changes to generation of Set-Cookie header ===
   G1 Use RFC6265 format header for V0 cookies::
   :: When version == 0 always generate a RFC6265 header, raising an exception from addCookie
if the value is invalid rather than attempting to upgrade to a RFC2109 header to use quoting.
Application impact is that they will now fail fast with an error rather than inconsistent
data as described in Bug 55920; applications that do not set invalid values will not be impacted.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message