https://issues.apache.org/bugzilla/show_bug.cgi?id=47241
--- Comment #8 from Jonathan Clarke <[email protected]> 2009-06-08 01:13:17 PST --- Hi, Just some details about separator characters to respond to Eric's comment. RFC 2109 and the newer 2965 ("HTTP State Management Mechanism" aka Cookies) states that within in the Set-Cookie, Set-Cookie2, Cookie and Cookie2 headers the syntax is of attr=value pairs, separated by semi-colons (";") or commas (","). Any other special characters as defined in RFC 2616 are allowed in cookie values, although they should presumably be "-quoted to respect RFC 2616. This means that a colon (":") is a legal value in cookie attr=value pairs. mod_rewrite strips all character escaping before reaching the set_cookie function. Therefore, the set_cookie function can only work with non-escaped text. It seems to me to make sense to use semi-colon (";") as a separator for cookie parts in mod_rewrite syntax, instead of colon (":"), since this is a separator character anyway. The attached patch implements this proposition. I hope this clarifies the problem and the proposed solution, and can be considered for inclusion in Apache. Please let us know any comments on this. Regards, Jonathan -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
