tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Cookies and values with ':' in them
Date Thu, 16 Apr 2009 21:53:47 GMT
Andre-John Mas wrote:
> On 16-Apr-2009, at 17:08, Mark Thomas wrote:
>> Using a ':' in a v0 cookie is not legal. You have to use a v1 cookie
>> which is as simple as using:
>> cookie.setVersion(1);
>> 5.5.28 will (hopefully - if it gets enough votes) an feature (enabled by
>> default) to automatically switch invalid v0 cookies to v1 cookies and
>> quote them.
> Will this only be for writing?

> I depend a cookie set by a third-party
> web application in the same domain, which sends me the cookies this
> way. If it is only for writing, then I will have to find a way of
> convincing the developers of the other application to make the change.

If that app is running on Tomcat then Tomcat (5.5.28 hopefully) will do
the switch for them. If not, they'll have to do it themselves.

Either way using ':' in a v0 cookie is simply not legal. I would argue
the app is broken and needs fixing.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message