Author: markt
Date: Fri Sep 26 10:15:39 2014
New Revision: 1627737
URL: http://svn.apache.org/r1627737
Log:
Rename current cookie parser Cookies -> LegacyCookieProcessor
Start to deprecated the use of system properties, moving towards per Context
control of Cookie parsing.
Document the new CookieParser configuration options.
Added:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
- copied, changed from r1627631,
tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
tomcat/trunk/webapps/docs/config/cookie-processor.xml (with props)
Removed:
tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/startup/ContextRuleSet.java
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestBug49158.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoStrictNamingSysProps.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
tomcat/trunk/test/org/apache/tomcat/util/http/TesterCookiesPerformance.java
tomcat/trunk/webapps/docs/config/context.xml
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Fri Sep 26
10:15:39 2014
@@ -129,7 +129,7 @@ import org.apache.tomcat.util.descriptor
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.http.CookieProcessor;
-import org.apache.tomcat.util.http.Cookies;
+import org.apache.tomcat.util.http.LegacyCookieProcessor;
import org.apache.tomcat.util.scan.StandardJarScanner;
import org.apache.tomcat.util.security.PrivilegedGetTccl;
import org.apache.tomcat.util.security.PrivilegedSetTccl;
@@ -837,7 +837,7 @@ public class StandardContext extends Con
@Override
public CookieProcessor getCookieProcessor() {
if (cookieProcessor == null) {
- cookieProcessor = new Cookies();
+ cookieProcessor = new LegacyCookieProcessor();
}
return cookieProcessor;
}
Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextRuleSet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextRuleSet.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/ContextRuleSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextRuleSet.java Fri Sep
26 10:15:39 2014
@@ -243,7 +243,7 @@ public class ContextRuleSet extends Rule
"org.apache.tomcat.JarScanFilter");
digester.addObjectCreate(prefix + "Context/CookieProcessor",
- "org.apache.tomcat.util.http.Cookies",
+
"org.apache.tomcat.util.http.LegacyCookieProcessor",
"className");
digester.addSetProperties(prefix + "Context/CookieProcessor");
digester.addSetNext(prefix + "Context/CookieProcessor",
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Fri Sep 26
10:15:39 2014
@@ -32,7 +32,10 @@ public final class CookieSupport {
/**
* If true, cookie values are allowed to contain an equals character
without
* being quoted.
+ *
+ * @deprecated Will be removed in Tomcat 9.
*/
+ @Deprecated
public static final boolean ALLOW_EQUALS_IN_VALUE;
/**
Copied:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java (from
r1627631, tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java)
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?p2=tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java&p1=tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java&r1=1627631&r2=1627737&rev=1627737&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Cookies.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
Fri Sep 26 10:15:39 2014
@@ -27,17 +27,17 @@ import org.apache.tomcat.util.log.UserDa
import org.apache.tomcat.util.res.StringManager;
/**
- * A collection of cookies - reusable and tuned for server side performance.
- * Based on RFC6265 and RFC2109.
+ * The legacy (up to early Tomcat 8 releases) cookie parser based on RFC6265,
+ * RFC2109 and RFC2616.
*
* This class is not thread-safe.
*
* @author Costin Manolache
* @author kevin seguin
*/
-public final class Cookies implements CookieProcessor {
+public final class LegacyCookieProcessor implements CookieProcessor {
- private static final Log log = LogFactory.getLog(Cookies.class);
+ private static final Log log =
LogFactory.getLog(LegacyCookieProcessor.class);
private static final UserDataHelper userDataLog = new UserDataHelper(log);
@@ -45,6 +45,10 @@ public final class Cookies implements Co
StringManager.getManager("org.apache.tomcat.util.http");
+ @SuppressWarnings("deprecation") // Default to false when deprecated code
is removed
+ private boolean allowEqualsInValue = CookieSupport.ALLOW_EQUALS_IN_VALUE;
+
+
@Override
public Charset getCharset() {
return StandardCharsets.ISO_8859_1;
@@ -98,7 +102,7 @@ public final class Cookies implements Co
* RFC 2965 / RFC 2109
* JVK
*/
- private static final void processCookieHeader(byte bytes[], int off, int
len,
+ private final void processCookieHeader(byte bytes[], int off, int len,
ServerCookies serverCookies) {
if (len <= 0 || bytes == null) {
@@ -191,7 +195,7 @@ public final class Cookies implements Co
!CookieSupport.isV0Separator((char)bytes[pos])
&&
CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
!CookieSupport.isHttpSeparator((char)bytes[pos]) ||
- bytes[pos] == '=' &&
CookieSupport.ALLOW_EQUALS_IN_VALUE) {
+ bytes[pos] == '=' && allowEqualsInValue) {
// Token
valueStart = pos;
// getToken returns the position at the delimiter
@@ -346,7 +350,7 @@ public final class Cookies implements Co
* token, with no separator characters in between.
* JVK
*/
- private static final int getTokenEndPosition(byte bytes[], int off, int
end,
+ private final int getTokenEndPosition(byte bytes[], int off, int end,
int version, boolean isName){
int pos = off;
while (pos < end &&
@@ -355,8 +359,7 @@ public final class Cookies implements Co
CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
bytes[pos] != '=' &&
!CookieSupport.isV0Separator((char)bytes[pos]) ||
- !isName && bytes[pos] == '=' &&
- CookieSupport.ALLOW_EQUALS_IN_VALUE)) {
+ !isName && bytes[pos] == '=' && allowEqualsInValue)) {
pos++;
}
@@ -458,4 +461,14 @@ public final class Cookies implements Co
}
bc.setEnd(dest);
}
+
+
+ public boolean getAllowEqualsInValue() {
+ return allowEqualsInValue;
+ }
+
+
+ public void setAllowEqualsInValue(boolean allowEqualsInValue) {
+ this.allowEqualsInValue = allowEqualsInValue;
+ }
}
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java Fri Sep
26 10:15:39 2014
@@ -29,10 +29,11 @@ import org.apache.catalina.startup.Tomca
import org.apache.catalina.startup.TomcatBaseTest;
/**
- * Base Test case for {@link Cookies}. <b>Note</b> because of the use of
- * <code>static final</code> constants in {@link Cookies}, each of these tests
- * must be executed in a new JVM instance. The tests have been place in
separate
- * classes to facilitate this when running the unit tests via Ant.
+ * Base Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the
+ * use of <code>static final</code> constants in {@link LegacyCookieProcessor},
+ * each of these tests must be executed in a new JVM instance. The tests have
+ * been place in separate classes to facilitate this when running the unit
tests
+ * via Ant.
*/
public abstract class CookiesBaseTest extends TomcatBaseTest {
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestBug49158.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestBug49158.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestBug49158.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestBug49158.java Fri Sep 26
10:15:39 2014
@@ -37,8 +37,8 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.util.buf.ByteChunk;
/**
- * Test case for {@link Cookies}. <b>Note</b> because of the use of <code>final
- * static</code> constants in {@link Cookies}, each of these tests must be
+ * Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the use
of <code>final
+ * static</code> constants in {@link LegacyCookieProcessor}, each of these
tests must be
* executed in a new JVM instance. The tests have been place in separate
classes
* to facilitate this when running the unit tests via Ant.
*/
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Fri Sep 26
10:15:39 2014
@@ -478,7 +478,7 @@ public class TestCookies {
if (useRfc6265) {
cookieProcessor = new Rfc6265CookieProcessor();
} else {
- cookieProcessor = new Cookies();
+ cookieProcessor = new LegacyCookieProcessor();
}
MessageBytes cookieHeaderValue = mimeHeaders.addValue("Cookie");
byte[] bytes = header.getBytes(StandardCharsets.UTF_8);
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
Fri Sep 26 10:15:39 2014
@@ -29,8 +29,8 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.util.buf.ByteChunk;
/**
- * Test case for {@link Cookies}. <b>Note</b> because of the use of <code>final
- * static</code> constants in {@link Cookies}, each of these tests must be
+ * Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the use
of <code>final
+ * static</code> constants in {@link LegacyCookieProcessor}, each of these
tests must be
* executed in a new JVM instance. The tests have been place in separate
classes
* to facilitate this when running the unit tests via Ant.
*/
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoFwdStrictSysProps.java
Fri Sep 26 10:15:39 2014
@@ -25,8 +25,8 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.util.buf.ByteChunk;
/**
- * Test case for {@link Cookies}. <b>Note</b> because of the use of <code>final
- * static</code> constants in {@link Cookies}, each of these tests must be
+ * Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the use
of <code>final
+ * static</code> constants in {@link LegacyCookieProcessor}, each of these
tests must be
* executed in a new JVM instance. The tests have been place in separate
classes
* to facilitate this when running the unit tests via Ant.
*/
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoStrictNamingSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoStrictNamingSysProps.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoStrictNamingSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesNoStrictNamingSysProps.java
Fri Sep 26 10:15:39 2014
@@ -25,8 +25,8 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.util.buf.ByteChunk;
/**
- * Test case for {@link Cookies}. <b>Note</b> because of the use of <code>final
- * static</code> constants in {@link Cookies}, each of these tests must be
+ * Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the use
of <code>final
+ * static</code> constants in {@link LegacyCookieProcessor}, each of these
tests must be
* executed in a new JVM instance. The tests have been place in separate
classes
* to facilitate this when running the unit tests via Ant.
*/
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
Fri Sep 26 10:15:39 2014
@@ -29,8 +29,8 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.util.buf.ByteChunk;
/**
- * Test case for {@link Cookies}. <b>Note</b> because of the use of <code>final
- * static</code> constants in {@link Cookies}, each of these tests must be
+ * Test case for {@link LegacyCookieProcessor}. <b>Note</b> because of the use
of <code>final
+ * static</code> constants in {@link LegacyCookieProcessor}, each of these
tests must be
* executed in a new JVM instance. The tests have been place in separate
classes
* to facilitate this when running the unit tests via Ant.
*/
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TesterCookiesPerformance.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TesterCookiesPerformance.java?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TesterCookiesPerformance.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TesterCookiesPerformance.java
Fri Sep 26 10:15:39 2014
@@ -47,7 +47,7 @@ public class TesterCookiesPerformance {
headerValue.setBytes(cookieHeaderBytes, 0, cookieHeaderBytes.length);
ServerCookies serverCookies = new ServerCookies(4);
- Cookies originalCookieProcessor = new Cookies();
+ LegacyCookieProcessor originalCookieProcessor = new
LegacyCookieProcessor();
Rfc6265CookieProcessor rfc6265CookieProcessor = new
Rfc6265CookieProcessor();
// warm up
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Fri Sep 26 10:15:39 2014
@@ -754,6 +754,7 @@
by nesting a corresponding element inside your <strong>Context</strong>
element:</p>
<ul>
+ <li><a href="cookie-processor.html">Cookie Processor</a></li>
<li><a href="loader.html"><strong>Loader</strong></a> -
Configure the web application class loader that will be used to load
servlet and bean classes for this web application. Normally, the
Added: tomcat/trunk/webapps/docs/config/cookie-processor.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1627737&view=auto
==============================================================================
--- tomcat/trunk/webapps/docs/config/cookie-processor.xml (added)
+++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Fri Sep 26 10:15:39
2014
@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE document [
+ <!ENTITY project SYSTEM "project.xml">
+]>
+<document url="cookie-processor.html">
+
+ &project;
+
+ <properties>
+ <title>The Cookie Processor Component</title>
+ </properties>
+
+<body>
+
+<section name="Table of Contents">
+<toc />
+</section>
+
+<section name="Introduction">
+
+ <p>The <strong>CookieProcessor</strong> element represents the component that
+ parses received cookie headers into <code>javax.servlet.http.Cookie</code>
+ objects accessible through <code>HttpServletRequest.getCookies()</code> and
+ converts <code>javax.servlet.http.Cookie</code> objects added to the response
+ hrough <code>HttpServletResponse.addCookie</code> to the HTTP headers
returned
+ to the client.</p>
+
+ <p>A CookieProcessor element MAY be nested inside a
+ <a href="context.html">Context</a> component. If it is not included, a
default
+ implementation will be created automatically.</p>
+
+</section>
+
+
+<section name="Attributes">
+
+ <subsection name="Common Attributes">
+
+ <p>All implementations of <strong>CookieProcessor</strong> support the
+ following attributes:</p>
+
+ <attributes>
+
+ <attribute name="className" required="false">
+ <p>Java class name of the implementation to use. This class must
+ implement the <code>org.apache.tomcat.util.http.CookieProcessor</code>
+ interface. If not specified, the standard value (defined below) will be
+ used.</p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
+
+ <subsection name="Standard Implementation">
+
+ <p>The standard implementation of <strong>CookieProcessor</strong> is
+ <code>org.apache.tomcat.util.http.LegacyCookieProcessor</code>. Note
+ that it is anticipated that this will change to
+ <code>org.apache.tomcat.util.http.Rfc6265CookieProcessor</code> in a future
+ Tomcat 8 release.</p>
+
+ <p>This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616.
+ It implements a strict interpretation of the cookie specifications. Due to
+ various interoperability issues with browsers not all strict behaviours
+ are enabled by default and additional options are available to further
+ relax the behaviour of this cookie processor if required.</p>
+
+ <attributes>
+
+ <attribute name="allowEqualsInValue" required="false">
+ <p>If this is <code>true</code> Tomcat will allow '<code>=</code>'
+ characters when parsing unquoted cookie values. If <code>false</code>,
+ cookie values containing '<code>=</code>' will be terminated when the
+ '<code>=</code>' is encountered and the remainder of the cookie value
+ will be dropped.</p>
+ <p>If not set the specification compliant default value of
+ <code>false</code> will be used. This default may be changed by
setting
+ the
+
<code>org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE</code>
+ <a href="systemprops.html">system property</a>.</p>
+
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
+ <subsection name="RFC 6265 Cookie Processor -
org.apache.tomcat.util.http.Rfc6265CookieProcessor">
+
+ <p>This cookie processor is based on RFC6265 with the following changes to
+ support better interoperability:</p>
+
+ <ul>
+ <li>Values 0x80 to 0xFF are permitted in cookie-octet to support the use
+ of UTF-8 in cookie values as used by HTML 5.</li>
+ <li>For cookies without a value, the '=' is not required after the name
as
+ some browsers do not sent it.</li>
+ </ul>
+
+ <p>The RFC 6265 cookie processor is generally more lenient than the legacy
+ cookie parser. In particular:</p>
+
+ <ul>
+ <li>The '<code>=</code>' is always permitted in a cookie value.</li>
+ </ul>
+
+ <p>No additional attributes are supported by the <strong>RFC 6265 Cookie
+ Processor</strong>.</p>
+
+ </subsection>
+
+</section>
+
+
+<section name="Nested Components">
+
+ <p>No element may be nested inside a <strong>CookieProcessor</strong>.</p>
+
+</section>
+
+
+<section name="Special Features">
+
+ <p>No special features are associated with a <strong>Resources</strong>
+ element.</p>
+
+</section>
+
+</body>
+
+</document>
Propchange: tomcat/trunk/webapps/docs/config/cookie-processor.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1627737&r1=1627736&r2=1627737&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Fri Sep 26 10:15:39 2014
@@ -357,7 +357,14 @@
<property
name="org.apache.tomcat.util.http. ServerCookie.ALLOW_EQUALS_IN_VALUE">
- <p>If this is <code>true</code> Tomcat will allow '<code>=</code>'
+ <p>Deprecated. This will be removed in Tomcat 9. Specify the
+ <code>allowEqualsInValue</code> attribute on the
+ <code>org.apache.tomcat.util.http.LegacyCookieProcessor</code> instead.
+ </p>
+ <p>This sets the default value for <code>allowEqualsInValue</code>
+ attribute on the
+ <code>org.apache.tomcat.util.http.LegacyCookieProcessor</code>.
+ the If this is <code>true</code> Tomcat will allow '<code>=</code>'
characters when parsing unquoted cookie values. If <code>false</code>,
cookie values containing '<code>=</code>' will be terminated when the
'<code>=</code>' is encountered and the remainder of the cookie value
will
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
