tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arto Huusko <arto.huu...@wmdata.fi>
Subject Invalid restrictions on cookie name in javax.servlet.http.Cookie
Date Fri, 17 Sep 2004 12:50:33 GMT
Hi,

I believe javax.servlet.http.Cookie (as seen in Tomcat 5.0.28 sources,
at jakarta-servletapi-5/jsr154/src/share/javax/servlet/http/Cookie.java)
is invalidly enforcing restrictions on the cookie name.

The constructor does not accept, for example, "Domain" as a cookie name.
The same goes for other "special" names that are used when transmitting

However, as far as I can see, neither RFC 2109 or RFC 2965 imposes
such restrictions on the cookie name. The only restriction is that
the name is a "token" and that it does not start with $. Sun's
javax.servlet.http.Cookie javadoc agrees.

Am I mistaken, and if not what should I do? File a bug report?

-- 
Arto Huusko
WM-data Novo
Ruukinkatu 2-4, 20540 Turku, FINLAND
http://www.wmdata.fi/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message