Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Cookies" page has been changed by jboynes: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=29&rev2=30 Comment: Add link to patch for changes to Cookie C5 Allow unnamed cookies in C1b "netscape" mode:: :: Allow cookies whose name is null or the empty string. Browsers will store a single cookie that has no name whose value is sent as simply «value» (i.e. without any '=' delimiter). This would now be supported if STRICT_NAMING is set to "netscape" but would remain disallowed in "rfc2109" or "rfc6265" modes. If allowed, the Set-Cookie header would contain just the value (no '=' present and an IAE if value contained an '=') and any such cookie found during parsing would be included in the result of HttpServletRequest#getCookies(). + A candidate patch for these Cxx changes can be found here: + http://people.apache.org/~jboynes/patches/cookie.patch + This follows proposal C1 with the consequence that a "/" is not allowed in a cookie name by default; to allow that STRICT_NAMING must be set to false (i.e. to "netscape" mode). The test suite changes are a result of that and with them in place I have verified it still passes. + === Changes to generation of Set-Cookie header === G1 Use RFC6265 format header for V0 cookies:: :: When version == 0 always generate a RFC6265 header, raising an exception from addCookie if the value is invalid rather than attempting to upgrade to a RFC2109 header to use quoting. Application impact is that they will now fail fast with an error rather than inconsistent data as described in Bug 55920; applications that do not set invalid values will not be impacted. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
