tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arto Huusko <>
Subject Invalid restrictions on cookie name in javax.servlet.http.Cookie
Date Fri, 17 Sep 2004 12:50:33 GMT

I believe javax.servlet.http.Cookie (as seen in Tomcat 5.0.28 sources,
at jakarta-servletapi-5/jsr154/src/share/javax/servlet/http/
is invalidly enforcing restrictions on the cookie name.

The constructor does not accept, for example, "Domain" as a cookie name.
The same goes for other "special" names that are used when transmitting

However, as far as I can see, neither RFC 2109 or RFC 2965 imposes
such restrictions on the cookie name. The only restriction is that
the name is a "token" and that it does not start with $. Sun's
javax.servlet.http.Cookie javadoc agrees.

Am I mistaken, and if not what should I do? File a bug report?

Arto Huusko
WM-data Novo
Ruukinkatu 2-4, 20540 Turku, FINLAND

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message