Re: cookie handling patch
On Thu, 1 Apr 2004, JUANMARCOSMOREN wrote: [...] Aleksandr Guidrevitch wrote: We've found that LWP incorrectly handles cookies containing ';' in the cookie value. The patch (test case and fix) is attached [...] So, why do you want ';' in cookies if they are not handled correctly by the most used HTTP implementations (MSIE and Mozilla)? Right. According RFC in **quoted** string you can put almost anything. See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for definition of cookie: People don't care much about the HTTP RFC what people really want is to be compatible with MSIE and Mozilla. [...] The algorithm in browsers has apparently always been pretty much 'split on ';'', so right again. John
Re: cookie handling patch
Aleksandr Guidrevitch wrote: We've found that LWP incorrectly handles cookies containing ';' in the cookie value. The patch (test case and fix) is attached Could you point me to a web page that is already sending these kind of cookies? Does it work under MSIE/Mozilla? Juan
Re: cookie handling patch
Hi Juan, JUANMARCOSMOREN wrote: Aleksandr Guidrevitch wrote: We've found that LWP incorrectly handles cookies containing ';' in the cookie value. The patch (test case and fix) is attached Could you point me to a web page that is already sending these kind of cookies? Does it work under MSIE/Mozilla? Nope, it is our internal project, not available to outer world. Both we know that neither mozilla nor msie correctly handle such cookies :(( According RFC in **quoted** string you can put almost anything. See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for defenition of cookie: av-pairs= av-pair *(; av-pair) av-pair = attr [= value]; optional value attr= token value = word word= token | quoted-string See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for defenition of quoted-string: A string of text is parsed as a single word if it is quoted using double-quote marks. quoted-string = ( *(qdtext) ) qdtext = any TEXT except The backslash character (\) may be used as a single-character quoting mechanism only within quoted-string and comment constructs. quoted-pair= \ CHAR So, since the patch doesn't break original libwww behaviour (according to the test suite) and provides more proper implementation of rfc, it looked to me as a good candidate for inclusion into libwww. Sincerely, Aleksandr Guidrevitch
Re: cookie handling patch
Aleksandr Guidrevitch wrote: JUANMARCOSMOREN wrote: Aleksandr Guidrevitch wrote: We've found that LWP incorrectly handles cookies containing ';' in the cookie value. The patch (test case and fix) is attached Could you point me to a web page that is already sending these kind of cookies? Does it work under MSIE/Mozilla? Nope, it is our internal project, not available to outer world. Both we know that neither mozilla nor msie correctly handle such cookies :(( So, why do you want ';' in cookies if they are not handled correctly by the most used HTTP implementations (MSIE and Mozilla)? According RFC in **quoted** string you can put almost anything. See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html for definition of cookie: People don't care much about the HTTP RFC what people really want is to be compatible with MSIE and Mozilla. av-pairs= av-pair *(; av-pair) av-pair = attr [= value]; optional value attr= token value = word word= token | quoted-string See http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2068.html for definition of quoted-string: A string of text is parsed as a single word if it is quoted using double-quote marks. quoted-string = ( *(qdtext) ) qdtext = any TEXT except The backslash character (\) may be used as a single-character quoting mechanism only within quoted-string and comment constructs. quoted-pair= \ CHAR So, since the patch doesn't break original libwww behavior (according to the test suite) and provides more proper implementation of rfc, it looked to me as a good candidate for inclusion into libwww. I think this patch solves nothing and add useless code to the library. It is not a good idea to apply this patch. Juan
