[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 --- Comment #5 from Shaeleigh Schneider --- Bugs are the error which presents the formation of the error for the kind of good and best fortune to all of the basic things. The cookies error and the password building have the link in https://www.topaperwritingservices.com/review-bestdisseration-com/ for best dissertion way of fortune building by grant allowance. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 --- Comment #5 from Jonathan --- Bugs are the error which presents the formation of the error for the kind of good and best fortune to all of the basic things. The cookies error and the password building have the link in https://www.topaperwritingservices.com/review-bestdisseration-com/ for best dissection way of fortune building by grant allowance. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 --- Comment #4 from jer...@noskilz.com --- It'd probably be good to have also included this as breaking backwards compatibility. The widespread configuration documentation in the wild for cookie subdomains that says to use the .example.com definition, means when 8.5 replaces 8.0 for what a repo delivers for tomcat8, it will fail. In a situation where a new server is spinning up, grabs the new version of tomcat 8.x available, and it doesn't do anything but throw 500 errors: Some examples of implementing the legacy cookie handler in context.xml so that this continues to work would be more helpful than the blurb about the change in cookie handler that is in the migration guide. In the current migration guide it also mentions nothing here about changes that are not fully backwards compatibile: - Tomcat 8.5.x noteable changes The Tomcat developers aim for each patch release to be fully backwards compatible with the previous release. Occasionally, it is necessary to break backwards compatibility in order to fix a bug. In most cases, these changes will go unnoticed. This section lists changes that are not fully backwards compatible and might cause breakage when upgrading. None. - I found another thread about being willing to make changes to work with IE/Edge browsers. I find it interesting that you are grudgingly willing to provide more help to have that browser working outside of spec than a common context configuration that will mitigate an issue for existing tomcat server operators and admins. Stripping the . and passing this as mentioned in the referenced email thread would have been a pretty straightforward solution that would have made the documentation of "None." actually true. just do a search for information on: "tomcat cookie subdomain" and let me know where you find configuration examples that don't have the leading . -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 --- Comment #3 from Mark Thomas --- There is also this thread: http://tomcat.markmail.org/thread/lmqxehlhuqjnleym By all means, add something to the migration guide about the RFC 6265 processor and cookie domains. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 --- Comment #2 from Huxing Zhang --- We ran into the same issue in 8.5.x, as a result, we've chosen to use org.apache.tomcat.util.http.LegacyCookieProcessor instead for compatibility. As there is another one commenting on this issue (see bottom of [1]), is it worth mentioning it in the documentation? [1] https://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Mark Thomas --- RFC 6265 does not permit domain values to begin with ".". Tomcat correctly rejects these. >From RFC 6265, Section 4.1.1 domain-av = "Domain=" domain-value domain-value = ; defined in [RFC1034], Section 3.5, as ; enhanced by [RFC1123], Section 2.1 >From RFC 1034, Section 3.5 ::= | "." ::= [ [ ] ] ::= | ::= | "-" ::= | ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case ::= any one of the ten digits 0 through 9 Note that while upper and lower case letters are allowed in domain names, no significance is attached to the case. That is, two names with the same spelling but different case are to be treated as if identical. The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. There are also some restrictions on the length. Labels must be 63 characters or less. >From RFC 1123, Section 2.1 One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org