[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=43&rev2=44 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 11 have been applied. + Of these, patches 01 to 12 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=42&rev2=43 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 10 have been applied. + Of these, patches 01 to 11 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=41&rev2=42 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 09 have been applied. + Of these, patches 01 to 10 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=38&rev2=39 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 06 have been applied. + Of these, patches 01 to 07 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=37&rev2=38 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 05 have been applied. + Of these, patches 01 to 06 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=36&rev2=37 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 04 have been applied. + Of these, patches 01 to 05 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=35&rev2=36 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 03 have been applied. + Of these, patches 01 to 04 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=34&rev2=35 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 02 have been applied. + Of these, patches 01 to 03 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=33&rev2=34 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ - Of these, patches 01 to 01 have been applied. + Of these, patches 01 to 02 have been applied. There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=32&rev2=33 == Implementation Progress == I started work on this in a local branch. Patches for the changes made there can be found here: http://people.apache.org/~jboynes/patches/ + Of these, patches 01 to 01 have been applied. + There is substantial refactoring in there to simply the current implementation. Actual changes are: * C3 '=' is now disallowed in Netscape cookie names (it was already not allowed in RFC2109 names) * C4 Attribute names are allowed as cookies names - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=23&rev2=24 Comment: Review proposed parsing changes and make an alternative suggestion P3 Do not throw IAE from the parser:: :: Invalid syntax will result in a user-data log entry and cookies being dropped rather than throwing of an IAE. Application impact is that requests with an invalid Cookie header will now be dispatched to the application. + :: '''Alternative P3a:''' Ensure that the cookie header is available for the application to parse manually. === Impact of proposal on existing issues === ||<:10%>'''Issue'''||Impact|| - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=22&rev2=23 Comment: Review proposed generation changes and make a couple of alternative suggestions === Changes to generation of Set-Cookie header === G1 Use RFC6265 format header for V0 cookies:: :: When version == 0 always generate a RFC6265 header, raising an exception from addCookie if the value is invalid rather than attempting to upgrade to a RFC2109 header to use quoting. Application impact is that they will now fail fast with an error rather than inconsistent data as described in Bug 55920; applications that do not set invalid values will not be impacted. + :: '''Alternative G1a:''' Generate an RFC6265 header if possible but provide an option (disabled by default) to allow switching to an RFC2109 header if a valid RFC6265 header is not possible. G2 Use RFC2109 format header only for V1 cookies:: :: When version == 1 always generate a RFC2109 header, raising an exception from addCookie if the value is invalid. This preserves existing behaviour for applications that use V1 cookies. G3 Stop adding quotes or escaping to values:: :: The value supplied by the application will be validated to the relevant specification and will result in a IAE if it does not conform. The value will never be modified to add quotations or escape characters, Application impact is that an attempt to set an invalid value will result in an early error rather than inconsistent data. + :: '''Alternative G3a:''' Quotes and/or escaping only to be added to RFC2109 headers. API to remain symmetric and quoting/escaping to remain transparent to applicatons. G4 Use UTF-8 encoding for values:: :: The value (which is a UCS-16 Java String) will be encoded using UTF-8 when being added to the header. Application impact is that non-ASCII characters will no longer cause an IAE. For V0 cookies, this is an extension to RFC6265 required to support HTML-5. V1 cookies already allow 8-bit characters if quoted and this is likely to be needed to avoid an IAE as the value would still be validated; it would be the application's responsibility to quote the value. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Tomcat Wiki] Update of "Cookies" by markt
On 1 January 2014 18:32, Jeremy Boynes wrote: > On Dec 31, 2013, at 12:46 PM, Mark Thomas wrote: > >> Signed PGP part >> On 31/12/2013 20:29, Mark Thomas wrote: >> > On 31/12/2013 17:03, Jeremy Boynes wrote: >> >> On Dec 31, 2013, at 3:55 AM, Mark Thomas >> >> wrote: >> > >> >>> On 31/12/2013 11:39, Apache Wiki wrote: >> Dear Wiki user, >> >> You have subscribed to a wiki page or wiki category on >> "Tomcat Wiki" for change notification. >> >> The "Cookies" page has been changed by markt: >> https://wiki.apache.org/tomcat/Cookies >> >> New page: #acl AdminGroup:read,write All:read ##language:en >> >> = Cookies = >> > >> >> I’m not able to edit that page - is the acl right? >> > >> > No, it isn't. It was copied from another page. I'll go through the >> > wiki and check all of the pages. >> >> Try now. I just got locked out for requesting too many pages too fast >> but I think the cookie page should be editable by anyone in the >> contributors group now. If you aren't in that group reply with your >> wiki ID and someone will add you. > > I still don’t have an “Edit” action - my wiki id is jboynes. Not surprising, as you were not in the ContributorsGroup - see the second para on the Front page. Try again now. > Thanks > Jeremy > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Tomcat Wiki] Update of "Cookies" by markt
On Dec 31, 2013, at 12:46 PM, Mark Thomas wrote: > Signed PGP part > On 31/12/2013 20:29, Mark Thomas wrote: > > On 31/12/2013 17:03, Jeremy Boynes wrote: > >> On Dec 31, 2013, at 3:55 AM, Mark Thomas > >> wrote: > > > >>> On 31/12/2013 11:39, Apache Wiki wrote: > Dear Wiki user, > > You have subscribed to a wiki page or wiki category on > "Tomcat Wiki" for change notification. > > The "Cookies" page has been changed by markt: > https://wiki.apache.org/tomcat/Cookies > > New page: #acl AdminGroup:read,write All:read ##language:en > > = Cookies = > > > >> I’m not able to edit that page - is the acl right? > > > > No, it isn't. It was copied from another page. I'll go through the > > wiki and check all of the pages. > > Try now. I just got locked out for requesting too many pages too fast > but I think the cookie page should be editable by anyone in the > contributors group now. If you aren't in that group reply with your > wiki ID and someone will add you. I still don’t have an “Edit” action - my wiki id is jboynes. Thanks Jeremy signature.asc Description: Message signed with OpenPGP using GPGMail
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=12&rev2=13 Comment: Delete one question as this is V0 cookies where there is no quoting and answer other question ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes are not part of value.|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.|| - ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash. (semi-colon, etc. allowed in quoted values?)|| + ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.|| ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, none or both.|| ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in values.|| - ||Strict naming (definition?)||Enabled by default. Disabled by property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is consistent with the Servlet spec.||Consistent with the Servlet spec.|| + ||Strict naming (as per Servlet spec)||Enabled by default. Disabled by property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is consistent with the Servlet spec.||Consistent with the Servlet spec.|| ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape allowed and equals sign expected before empty value. RFC2109 not allowed.||Allowed but equals sign required before empty value.|| Issues to add to the table above - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=10&rev2=11 Comment: Notes on stricy naming ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.|| ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, none or both.|| ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in values.|| - ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||Strict naming||Enabled by default. Disabled by property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is consistent with the Servlet spec.||Consistent with the Servlet spec.|| ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape allowed and equals sign expected before empty value. RFC2109 not allowed.||Allowed but equals sign required before empty value.|| Issues to add to the table above - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=9&rev2=10 Comment: Add name only cookie notes. ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.|| ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.|| ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, none or both.|| - ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in values.|| ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD|| - ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD|| + ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape allowed and equals sign expected before empty value. RFC2109 not allowed.||Allowed but equals sign required before empty value.|| Issues to add to the table above - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=8&rev2=9 Comment: Add some notes on separators and expires/max-age == Parsing the Cookie header by Tomcat == ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''|| - ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed|| + ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed.|| ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||Not allowed.||Not allowed.|| - ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are not part of value|| + ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes are not part of value.|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.|| - ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||TBD||TBD|| - ||Always add expires||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.|| + ||Always add expires||Enabled by default. Disabled by property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, none or both.|| ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD|| ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD|| ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD|| - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=7&rev2=8 Comment: Reviewed specs for BZ55920 and use of '=' ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''|| ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed|| ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||Not allowed.||Not allowed.|| - ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||TBD||TBD|| + ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are not part of value|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| - ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD|| + ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.|| ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||TBD||TBD|| ||Always add expires||Enabled by default. Disabled by property.||TBD||TBD||TBD|| ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD|| - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=6&rev2=7 Comment: Reviewed specs for BZ55918 ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''|| ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed|| - ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||TBD||TBD|| + ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||Not allowed.||Not allowed.|| ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||TBD||TBD|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD|| - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=5&rev2=6 Comment: Add more detail on 0x80 to 0xFF == Parsing the Cookie header by Tomcat == - ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''|| + ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''|| - ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||TBD||TBD|| + ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never allowed|| ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||TBD||TBD|| ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||TBD||TBD|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| @@ -26, +26 @@ TODO: Need to define behaviour for each of the issues above. + == References == + + 1. [[http://www.ietf.org/mail-archive/web/http-state/current/msg01232.html|RFC6265 discussion on 0x80-0xFF]] + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=4&rev2=5 ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||TBD||TBD|| ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||TBD||TBD|| ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| + ||Allow equals in value||Not by default. Allowed if property set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD|| + ||Allow separators in V0 names and values||Not by default. Allowed if property set.||TBD||TBD||TBD|| + ||Always add expires||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD|| + ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD|| Issues to add to the table above - * = character in cookie value * Any further issues raised on mailing lists - * Each of the issues for which a system property was created == Generating the Set-Cookie header by Tomcat == - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Tomcat Wiki] Update of "Cookies" by markt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 31/12/2013 20:29, Mark Thomas wrote: > On 31/12/2013 17:03, Jeremy Boynes wrote: >> On Dec 31, 2013, at 3:55 AM, Mark Thomas >> wrote: > >>> On 31/12/2013 11:39, Apache Wiki wrote: Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies New page: #acl AdminGroup:read,write All:read ##language:en = Cookies = > >> I’m not able to edit that page - is the acl right? > > No, it isn't. It was copied from another page. I'll go through the > wiki and check all of the pages. Try now. I just got locked out for requesting too many pages too fast but I think the cookie page should be editable by anyone in the contributors group now. If you aren't in that group reply with your wiki ID and someone will add you. Mark -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSwy00AAoJEBDAHFovYFnnCm4P/j0kC/TtxePkURSvuJpYQr2c nZQr/twow4CMjAz4GGTFMjpuY0KTZl5V06KlN5fN9/ARHk04jguApeTadzpMOPDv 87BPUhV/ofZyTONjFeQx9WTnkfcFEsVqxydLpUu+FRvd6x3XTHXXKR7FuII88R4Z mW/tncaVe1pfusvD7n/dPYrsSlqrQZi58JJQcJo7hIhX29qsJ2SNSeyv2txtwjiB 2JYuk8fEEngpviztJ6NDHk69kP7hkaveDKtaBG3qeBXu+zY1I/ew4D7KHkBnk99q zYfa4Moz5WrtukM3PXTdHnFSVe/i7q25sr/3gbnl9qiXNYfxaQCgoi7/arAtj2zm WKxEoSLNtY23b0dC0vAV5qYDnBfqatkGG7ay92lrGoTuop9v5hn2tgLuKJkwdGAv y96mCfpdajyUt9hU3RK1DPjg5LedxOYz+rZrcY2Rke4flEM4CJtuzocvDFhhHFwK a0318cNSVqqzh5HUwLrNvjyjlDxpN0LOlvZsE0vinWJy025lSY92ZBuICfD9p7V4 fFvy+FIz8l4Ng+iFJl58q2HwtCUay9Ttf+Zo2BRRmQ+vHGanDVnVUORn9pn2QWVI pCXs/vmsPAkKUYCxGm8z0eCwX2+eqPuxrmGLRVeDSCWWD4ML6m1PDlSxv29aSDqy Jc6JBphG8hP79H2fKoD4 =6Ypb -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=3&rev2=4 Comment: Fix ACLs - #acl AdminGroup:read,write All:read ##language:en = Cookies = - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Tomcat Wiki] Update of "Cookies" by markt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 31/12/2013 17:03, Jeremy Boynes wrote: > On Dec 31, 2013, at 3:55 AM, Mark Thomas wrote: > >> On 31/12/2013 11:39, Apache Wiki wrote: >>> Dear Wiki user, >>> >>> You have subscribed to a wiki page or wiki category on "Tomcat >>> Wiki" for change notification. >>> >>> The "Cookies" page has been changed by markt: >>> https://wiki.apache.org/tomcat/Cookies >>> >>> New page: #acl AdminGroup:read,write All:read ##language:en >>> >>> = Cookies = > > I’m not able to edit that page - is the acl right? No, it isn't. It was copied from another page. I'll go through the wiki and check all of the pages. Mark -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSwykoAAoJEBDAHFovYFnniKEP/A8pb+Ydzudo5yMjEVlKnmtK hiW16zHL4b+I8ZngqFRrcGOxP9pTRNR45k6CToqzzi2sDFIqQ834o3hqh1ABsG5+ F3r7iSn95zBxX/smjmMQ9QT9A8gOO3UZtzb84obAA275MrBGt757tTR3w5ZRARlg 3zwB7EjBB9BsLJlZAmXR2GkTQp8hBjLKMVa3Tqxuj8KPZ4qyktIu+KDotqePe5ZQ SwjRfjbKTPkEpTsTWzeTFqg3gVnCHZXdn0CxsSbCEhfIenRsYJiVYn3PErgbnayZ O3HSMKfDmG6NmhWenJSLV3FQBvqI/f6j8JjBgqpKVVs+8CBWKPYKErQoCMHSBILh szW3CVXT223hb+ifi4K5uh4h7CjXj98Wp0curKKdhwx68KyVrezlvWxjZGlR3npu y/Otn9CwKQSoavwwRWjfrInsX9tbPWE9WcJIPsmjhLPW/B8mH0Ni7y0JTWRAlthB AtHya8QkyjVfmdw7P3X6hflxkOTZtGW5hmF0mjRxS+1TJkni/ilvwr9e7TefMRyr wiN5Hq+h2Hh7b1shqu1ePXAYv0zDNY0jaSNQCgTy6txfrrcua7QvEjIl+TnA6arO u3iprhgqKcTPSoKuHFCXcWqPPYNGSY5yIC4ZmXs2T8WtBz5WyPpuEe3laoXD62Zo YQ7V1r22+wTTBIjwPR3Z =CPU2 -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [Tomcat Wiki] Update of "Cookies" by markt
On Dec 31, 2013, at 3:55 AM, Mark Thomas wrote: > On 31/12/2013 11:39, Apache Wiki wrote: >> Dear Wiki user, >> >> You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for >> change notification. >> >> The "Cookies" page has been changed by markt: >> https://wiki.apache.org/tomcat/Cookies >> >> New page: >> #acl AdminGroup:read,write All:read >> ##language:en >> >> = Cookies = I’m not able to edit that page - is the acl right? Thanks Jeremy signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [Tomcat Wiki] Update of "Cookies" by markt
On 31/12/2013 11:39, Apache Wiki wrote: > Dear Wiki user, > > You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for > change notification. > > The "Cookies" page has been changed by markt: > https://wiki.apache.org/tomcat/Cookies > > New page: > #acl AdminGroup:read,write All:read > ##language:en > > = Cookies = What I am aiming to do here is get all of the issues documented in a single place to make the discussions about how to handle them all simpler. My hope is that we will be able to come up with a solution that is simpler than our current large number of system properties. Mark > > ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new > behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''|| > > > Issues to add to the table above > > * Characters in the range 0x80 to 0xFF > * = character in cookie value > * raw JSON in cookie value > * Remaining issues from recent Bugzilla reports > * Any further issues raised on mailing lists > * Each of the issues for which a system property was created > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=2&rev2=3 Comment: Make a distinction between parsing cookie headers and creating them ##language:en = Cookies = + + == Parsing the Cookie header by Tomcat == ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''|| ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||TBD||TBD|| @@ -17, +19 @@ * Any further issues raised on mailing lists * Each of the issues for which a system property was created + == Generating the Set-Cookie header by Tomcat == + + TODO: Need to define behaviour for each of the issues above. + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=1&rev2=2 Comment: Add issues from Bugzilla = Cookies = ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''|| - + ||0x80 to 0xFF in cookie value ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 55917]])||IAE||TBD||TBD||TBD|| + ||CTL allowed in quoted cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 55918]])||Allowed||TBD||TBD||TBD|| + ||Quoted values in V0 cookies ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 55920]])||Quotes removed||TBD||TBD||TBD|| + ||Raw JSON in cookie values ([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 55921]])||TBD||TBD||TBD||TBD|| Issues to add to the table above - * Characters in the range 0x80 to 0xFF * = character in cookie value - * raw JSON in cookie value - * Remaining issues from recent Bugzilla reports * Any further issues raised on mailing lists * Each of the issues for which a system property was created - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Cookies" by markt
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Cookies" page has been changed by markt: https://wiki.apache.org/tomcat/Cookies New page: #acl AdminGroup:read,write All:read ##language:en = Cookies = ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''|| Issues to add to the table above * Characters in the range 0x80 to 0xFF * = character in cookie value * raw JSON in cookie value * Remaining issues from recent Bugzilla reports * Any further issues raised on mailing lists * Each of the issues for which a system property was created - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org