Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 494D010590 for ; Sat, 18 Jan 2014 04:22:27 +0000 (UTC) Received: (qmail 92816 invoked by uid 500); 18 Jan 2014 04:22:23 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 92450 invoked by uid 500); 18 Jan 2014 04:22:17 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 92435 invoked by uid 99); 18 Jan 2014 04:22:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Jan 2014 04:22:15 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.131] (HELO eos.apache.org) (140.211.11.131) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Jan 2014 04:22:14 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id 786BF4AA for ; Sat, 18 Jan 2014 04:21:54 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Apache Wiki To: Apache Wiki Date: Sat, 18 Jan 2014 04:21:53 -0000 Message-ID: <20140118042153.99399.69780@eos.apache.org> Subject: =?utf-8?q?=5BTomcat_Wiki=5D_Update_of_=22Cookies=22_by_jboynes?= Auto-Submitted: auto-generated X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for ch= ange notification. The "Cookies" page has been changed by jboynes: https://wiki.apache.org/tomcat/Cookies?action=3Ddiff&rev1=3D29&rev2=3D30 Comment: Add link to patch for changes to Cookie C5 Allow unnamed cookies in C1b "netscape" mode:: :: Allow cookies whose name is null or the empty string. Browsers will s= tore a single cookie that has no name whose value is sent as simply =C2=ABv= alue=C2=BB (i.e. without any '=3D' delimiter). This would now be supported = if STRICT_NAMING is set to "netscape" but would remain disallowed in "rfc21= 09" or "rfc6265" modes. If allowed, the Set-Cookie header would contain jus= t the value (no '=3D' present and an IAE if value contained an '=3D') and a= ny such cookie found during parsing would be included in the result of Http= ServletRequest#getCookies(). = + A candidate patch for these Cxx changes can be found here: + http://people.apache.org/~jboynes/patches/cookie.patch + This follows proposal C1 with the consequence that a "/" is not allowed i= n a cookie name by default; to allow that STRICT_NAMING must be set to fals= e (i.e. to "netscape" mode). The test suite changes are a result of that an= d with them in place I have verified it still passes. + = =3D=3D=3D Changes to generation of Set-Cookie header =3D=3D=3D G1 Use RFC6265 format header for V0 cookies:: :: When version =3D=3D 0 always generate a RFC6265 header, raising an ex= ception from addCookie if the value is invalid rather than attempting to up= grade to a RFC2109 header to use quoting. Application impact is that they w= ill now fail fast with an error rather than inconsistent data as described = in Bug 55920; applications that do not set invalid values will not be impac= ted. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org