tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 60788] Cookies value contains quotes when the Cookie header contains $Version=1 and the header's value is enclosed by quotes
Date Wed, 01 Mar 2017 20:39:21 GMT

--- Comment #13 from Markus Malkusch <> ---
Then let me add more details to the described case: The intended symetric round
trip behaviour was not given. The Cookie was initially created with the Servlet
API (containing only alphanumeric characters), which sends a Set-Cookie header
without quotes (Set-Cookie: userId=foo;Max-Age=15552000;path=/).

It was the user agent (Dalvik/2.1.0 (Linux; U; Android 5.1; A2 Build/LMY47I))
which then continued to send it back with quotes. I couldn't find anything in
the related RFCs which forbids this, so I assume it's a possible and valid

I think it's wrong in this case to expose those quotes to the application
programmer. It is unexpected and leads to errors in application.

However it is currently a rare case. I observe it once every 5k requests.
Application programmers can easily mitigate the issue themselves, if they only

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message