tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Invalid restrictions on cookie name in javax.servlet.http.Cookie
Date Fri, 17 Sep 2004 12:56:17 GMT

Contact the expert group for JSR154:  They control the code for the
Servlet API.  If they agree with you, they will open an enhancement
issue right away for this item, you don't need to worry about that part

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: Arto Huusko []
>Sent: Friday, September 17, 2004 8:51 AM
>Subject: Invalid restrictions on cookie name in
>I believe javax.servlet.http.Cookie (as seen in Tomcat 5.0.28 sources,
>is invalidly enforcing restrictions on the cookie name.
>The constructor does not accept, for example, "Domain" as a cookie
>The same goes for other "special" names that are used when transmitting
>However, as far as I can see, neither RFC 2109 or RFC 2965 imposes
>such restrictions on the cookie name. The only restriction is that
>the name is a "token" and that it does not start with $. Sun's
>javax.servlet.http.Cookie javadoc agrees.
>Am I mistaken, and if not what should I do? File a bug report?
>Arto Huusko
>WM-data Novo
>Ruukinkatu 2-4, 20540 Turku, FINLAND
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message