On Mon, 2008-10-20 at 09:42 -0700, Joseph Mocker wrote:
> It sounds like your webserver, or whatever is generating & processing
> the session cookie, is in error. From my reads of RFC2109 & RFC2068,
> quotes are reserved characters, they are not allowed in the cookie value.
>
> They say the cookie value can be either
>
> token | quoted-string
>
> where
>
> token = 1*<any CHAR except CTLs or tspecials>
>
> tspecials = "(" | ")" | "<" | ">" | "@"
> | "," | ";" | ":" | "\" | <">
> | "/" | "[" | "]" | "?" | "="
> | "{" | "}" | SP | HT
>
> and
>
> quoted-string = ( <"> *(qdtext) <"> )
>
> qdtext = <any TEXT except <">>
>
>
> So in your example, the quoted-string form is used, therefore the quotes
> are not part of the cookie value.
>
> Perhaps one of the developers can comment?
>
Joe,
I second that. The culprit is the broken server side script.
Oleg
> --joe
>
>
> Reinhard Pagitsch wrote:
> > Hello to all,
> >
> > From our webserver I get a session cookie in the form
> > POSESSIONID="dfgsdfgsdg="
> > But the HTTPClient sends back the cookie in the form
> > POSESSIONID=dfgsdfgsdg=.
> > Therefore no authentication is done. Is there a way to configure the
> > HttpClient to send back
> > the session cookie as it is and do no modifications?
> >
> > Thank you,
> > Reinhard
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
