Hi, I think cookies are still broken, and this is getting more and more complex. The apparent issue is that the parser applies v1 parsing rules when parsing v0 cookies (which are generated using a much more lenient character exclusion), resulting in cookies that cannot be parsed back.
A simple example is a regular cookie session (!), where the path cannot even be parsed back ('/' is now in the "specials" list). Maybe we could parse as v0, and validate the bytes if the cookie turned out to be v1 ? Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org