tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <>
Subject Re: Tomcat 8.5.4 uses RFC 6265 by default which does not appear to be Servlet 3.1 compliant
Date Tue, 06 Sep 2016 20:29:26 GMT
2016-09-06 19:11 GMT+02:00 Mark Thomas <>:

> This looks like something that is a good fit for
> STRICT_SERVLET_COMPLIANCE. My current thinking is if this is set, change
> the default CookieProcessor to LegacyCookieProcessor.
> I think I'm -1 for using the strict compliance flag for that. It's too big
a behavior change, and the current situation is far more robust. Thanks to
you actually, it looks doubtful anyone would have tackled a cookie
refactoring ... People who need absolute compatibility can just as easily
configure another cookie support, but the requirement is really
illegitimate and counter productive.

I also think the specification language is not intentional, it's only a
lack of update in the old javadoc basically.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message