> the client to the server. Here, I fully agree with you. A cookie > for /app1 is sent only to /app1/*. But I still say that the cookie > can have been set by /app1/screens/login.jsp in the first place. >
All right. You are right. I was wrong. I confused the algorithm of rejecting cookies with that of matching cookies. Sorry. Ayatollahs err too Oleg > > I have no problem with being proven wrong. I can err as any mortal > human. > > Since we cannot agree on a common interpretation of the RFC, > I doubt either of us can prove the other wrong :-) Referring > to the implementation, the last check in method validate(...) > of CookieSpecBase does not match your interpretation, does it? > > http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java?view=markup > > cheers, > Roland > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
