On Monday 01 July 2002 13:16, peter lin wrote:
> that's the problem with assumptions :)
>
> Actually I believe the W3C spec says the path will default to directory
> the pages resides in. So that page /hello/greeting.jsp will have
> "/hello" as the path. Only files under "/hello" can read the cookie.
> Atleast that's my understanding of how cookie path is supposed to be
> set. Some one correct me if I am wrong.
Well a reliable source tells me that there is no w3c spec for Cookies, and
infact the concept was conjured by Netscape. There is an RFC spec for
Cookies, but it's largely ignored.
So as the useful browsers out there ignore Cookie requests without a path, it
might be handy to add it by default so other people don't spend an hour or
two sitting there thinking "Why doesn't this work?". The current context path
would be handy, so the response code could look like this:
public void addCookie(Cookie c)
{
// whatever
if (c.getPath() == null)
c.setPath(getContextPath());
// etc
}
Just a thought :)
> peter
>
> John Baker wrote:
> > On Monday 01 July 2002 12:59, peter lin wrote:
> > > if you want the cookies to be readable by all pages, you should set it
> > > to "/". That's standard practice. Also, if you have multiple webserver
> > > with names like www1, www2, www3....., you should also set the cookie
> > > to use yourbiz.com.
> >
> > I know this ;-) But I'd forgotten to put the / there, and assumed the
> > browser would assume this if no / was passed to it. However they don't,
> > so I was suggesting that if a Cookie has no path set then one should be
> > written by default as a totally useless header is currently written in
> > the form:
> >
> > Set-Cookie: someName=someValue; expires....
> >
> > and due to the lack of a path, every browser ignores it.
--
John Baker, BSc CS.
Java Developer, TEAM/Slb. http://www.teamenergy.com
Views expressed in this mail are my own.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
