[Tomcat Wiki] Update of "Cookies" by jboynes

Fri, 03 Jan 2014 10:44:06 -0800 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Cookies" page has been changed by jboynes:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=14&rev2=15

  ||Domain||String, per RFC2109||domain=DOMAIN_NAME||"Domain" "=" 
value||"Domain=" domain-value||
  ||Path||String, per RFC2109||path=PATH||"Path" "=" value||"Path=" path-value||
  ||Secure||boolean||secure||"Secure"||"Secure"||
- ||HttpOnly||boolean||N/A||N/A||"HttpOnly"||
+ ||!HttpOnly||boolean||N/A||N/A||"!HttpOnly"||
  ||Expires||N/A||expires=DATE as "Wdy, DD-Mon-YYYY HH:MM:SS 
GMT"||N/A||"Expires=" sane-cookie-date||
  ||Max-Age||int in seconds||N/A||"Max-Age" "=" value||"Max-Age=" 
non-zero-digit *DIGIT||
  ||Comment||String||N/A||"Comment" "=" value||allowed by extension||
@@ -40, +40 @@

  ||Extension||N/A||N/A||N/A||any CHAR except CTLs or ";"||
  
  === Current Implementation ===
- TODO: write up
+ ==== Cookie ====
+ The constructor of javax.servlet.http.Cookie will throw an 
!IllegalArgumentException if any of the following conditions are met:
+  * name is null or zero length
+  * if name is not a token
+  * if name equalsIgnoreCase any of "Comment" "Discard" "Domain" "Expires" 
"Max-Age" "Path" "Secure" "Version"
+  * if name startsWith "$"
+ 
+ By default, a token comprises characters 0x21..0x7E except comma, semicolon 
and space. If STRICT_NAMING is true, then token also excludes characters from 
"()<>@,;:\\\"[]?={} \t" which corresponds to RFC2616 separators without "/" 
(i.e. "/" is allowed); if FWD_SLASH_IS_SEPARATOR is true than "/" is also 
excluded. These properties will default to true if STRICT_SERVLET_COMPLIANCE is 
true.
+ 
+  Issues:: 
+  :: the "!HttpOnly" attribute is not covered by the check
+  :: by default, a "=" character is allowed in a name (browsers treat the name 
as everything up to the first equals)
+ 
+ No checks are made in any of the other setters.
+ 
+ The domain value is converted to lower case (per Locale.ENGLISH) when set as 
"IE allegedly needs this."
+ 
+ ==== HttpServletRequest ====
+ TODO: document this
+ 
  === Proposed Implementation ===
  TBD
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to