Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Cookies" page has been changed by jboynes:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=24&rev2=25

Comment:
Promote P3a to new change P4 ensuring the original header value is always 
accessible to the application

   :: '''Issue:''' The notes below that shaped this proposal have not be 
checked against a browser that actually sends a RFC2109 format header.
  
   P3 Do not throw IAE from the parser::
-  :: Invalid syntax will result in a user-data log entry and cookies being 
dropped rather than throwing of an IAE. Application impact is that requests 
with an invalid Cookie header will now be dispatched to the application.
+  :: Invalid syntax will result in a user-data log entry and cookies being 
dropped rather than throwing of an IAE. Application impact is that requests 
with an invalid Cookie header will now be dispatched to the application. 
"Dropping a cookie" means an invalid cookie will not appear in the list 
returned by HttpServletRequest#getCookies(). An application will still be able 
to access the original Cookie header and may perform its own parsing.
+ 
-  :: '''Alternative P3a:''' Ensure that the cookie header is available for the 
application to parse manually.
+  P4 Ensure that the cookie header is always available for the application to 
parse manually.::
+  :: Stop modifying the header in-situ as part of the de-escaping process so 
that an application can elect to perform its own parsing by calling 
getHeader("Cookie"). Eliminate the need for the PRESERVE_COOKIE_HEADER property 
that currently controls whether a copy of the header is made if modifications 
are needed. Perform de-escaping during the copy needed to convert the 
MessageBytes to the String in Cookie#value, possibly during any conversation 
process needed to handle UTF-8.
  
  === Impact of proposal on existing issues ===
  ||<:10%>'''Issue'''||Impact||
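
Review bot: The sentence added to P3 ("An application will still be able to access the original Cookie header and may perform its own parsing") is only true once P4 is adopted, because P4 itself says the header is currently modified in-situ unless PRESERVE_COOKIE_HEADER causes a copy to be made. State that dependency in P3 or point to P4 from there. P4 should also say what happens to deployments that still set PRESERVE_COOKIE_HEADER once the property is eliminated. It is also worth noting in P4 that getHeader("Cookie") will expose cookies the container dropped as invalid, so an application that parses the header itself can end up with a different cookie set than getCookies() returns. Minor: "conversation process" in P4 reads like a typo for "conversion process".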
