tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Moore <JohnMo...@PDSI-Software.COM>
Subject Cookie Spec & Tomcat 3.2.3
Date Sun, 27 Jan 2002 05:42:51 GMT
A new vendor were evaluating to processes XML through our site 
(Telephony support via XML) now claims (indirectly) that Tomcat 3.2.3 has
incorrectly implemented the specification for Cookies, more specifically in
the use of the Path 
attribute. The container is throwning an exception when they call back
to us with a cookie named Path, which is of-couse illegal.  All we create 
is a Session object which in turn creates the Cookie with JSESSION and its
associated attributes.

After reading the IETF RFC2109 (two or three times) it also seems clear to
me that the Path attribute is permitted to have quotes around it
(Section 5.1 Examples uses them ) and that Tomcat is doing it right.

They claim that browsers don't necessarily enforce the spec and that's
why the browsers works against the rest of the site but the XML traffic from
site doesn't.  I think this is a load of crap especially since everything
broke after they updated their software and the app subsequently stopped

I saw bug #231 related to a fix in 3.3 but related to high volume which
we're not and the bug (#231) could not be reproduced. Will have my team try 
TC 3.3 on Moday but I don't think anything is going to change.

So to the question, is there a governing body that has newer, more complete
definition of the Cookie specification that I should have read, is Bug #231 
really related to our problem,  or is it time for a heart-to-heart with
these guys.  

John Moore

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message