Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Cookies" page has been changed by jboynes: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=15&rev2=16 The domain value is converted to lower case (per Locale.ENGLISH) when set as "IE allegedly needs this." - ==== HttpServletRequest ==== + ==== HttpServletResponse ==== - TODO: document this + This is typically implemented by o.a.c.connector.Response whose addCookie method delegates generation of the Set-Cookie header to o.a.t.util.http.ServerCookie#appendCookieValue. This first appends the name (relying on checks performed by Cookie), "=" and then the value using RFC2109 quoting rules: + * if the value is null or empty, append empty quoted-string "" + * if the value starts and ends with '"', output as is after escaping any '"' characters between the outer quotes + * if ALLOW_HTTP_SEPARATORS_IN_V0 is false and the value contains a RFC2616 separator, output as a quoted-string after escaping '"' and force Version=1 + * if ALLOW_HTTP_SEPARATORS_IN_V0 is true and the value contains a Netscape separator, output as a quoted-string after escaping '"' and force Version=1 + * otherwise, output as is + + Netscape separators are {',', ';', ' ', '\t'} + RFC2616 separators by default do not include "/" unless FWD_SLASH_IS_SEPARATOR is set (or implied by STRICT_SERVLET_COMPLIANCE). + Characters outside the set { HT, 0x20..0x7E } will result in a !IllegalArgumentException when the check for token characters is performed. + + The same quoting rules are applied when outputting any Domain or Path value. + + If maxAge >=, then the Max-Age attribute will be set for V1 cookies and the Expires attribute for V0 cookies. If the property ALWAYS_ADD_EXPIRES is true then Expires will also be set for V1 cookies. + + Issues:: + :: relies on the browser supporting RFC2109 quoting rules when Version=1 (most apply Netscape rules) + :: Domain is not strictly checked + :: Path is quoted using the same rules as Value; browsers treat them differently (e.g. IE treats quoted paths as invalid) === Proposed Implementation === TBD --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org