On 01/04/2015 11:53, André Warnier wrote: <snip/>
> By curiosity, I was trying to find the relevant RFCs, to see if "ä" is a > valid name for a cookie. I am not sure.. > > Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265). > That document defines the cookie-name as a "token", and refers to > RFC2616 for the definition of token. > RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a > "token" as a series of CHAR's, which in turn are defined as > > CHAR = <any US-ASCII character (octets 0 - 127)> > > > So that would tend to say that "ä" is not a valid name for a cookie ? The rules for cookie names are stricter than those for cookie values. I believe the OP was asking about cookie values. That said, no cookie spec allows 0x80 to 0xFF in the cookie name or value. Tomcat's RFC 6265 cookie processor explicitly relaxes this restriction for cookie values to support interoperability with non-compliant clients and applications (since it can be done safely). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
