----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 15, 2001 4:57 AM Subject: cvs commit: jakarta-commons/httpclient/src/java/org/apache/commons/httpclient Cookie.java > * @author B.C. Holmes > * @author <a href="mailto:[EMAIL PROTECTED]";>Park, Sung-Gu</a> > + * @author <a href="mailto:[EMAIL PROTECTED]";>Doug Sale</a> > + // This code was allowing port values in the domain. This is not part > + // of RFC2109. > + // > + // As per RFC2109 (from Section 2 - Terminology): > + // > + // The terms request-host and request-URI refer to the values the client > + // would send to the server as, respectively, the host (but not port) > + // and abs_path portions of the absoluteURI (http_URL) of the HTTP > + // request line. > + // > + // RFC2965 includes ports in cookie-sending determination, but only > + // when the cookie is received via a 'Set-Cookie2' header. > + // > + // Since this code doesn't support RFC2965, ports have been removed > + // from domains before checking mathces. > + // > + // removing port from domain > + int ndx = domain.indexOf(":"); > + if (ndx != -1) { > + domain = domain.substring(0, ndx); > + } Perhaps, is there any cases that a server sends the domain with a port on a cookie? I thought most case domain doesn't include a port number in common sense. It's just wondering... ^^; Well.... If the domain is included with a port number, then It would be a problem with IPv6, later. Sung-Gu
