On 18/01/2014 16:54, Jeremy Boynes wrote: > We know people actually use name-only cookies so I think we should > prioritize support for the «X=» form (i.e. it gets be the Cookie > with name == “X” and value == “").
+1 > We then have two options for the «X» form: 1) drop it 2) return it > as the anonymous cookie > > For rfc2109 and rfc6265 modes, it is not a valid token so we would > normally drop it as Netscape mode needs to be explicitly enabled. > We could just do the same for Netscape mode which would be > consistent but means there’s a cookie browsers will store that we > can’t handle. Fidelity with the browser was why I was leaning > toward allowing it but either option resolves the ambiguity with > the actual name-only cookie. I guess I'm on the fence. If you think it can be supported unambiguously then I'd be OK with that. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
