Mark Thomas wrote:
> On 01/04/2015 11:53, André Warnier wrote:
>
> <snip/>
>
>> Out of curiosity, I was trying to find the relevant RFCs, to see if "ä" is a
>> valid name for a cookie. I am not sure.
>> Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265).
>> That document defines the cookie-name as a "token", and refers to
>> RFC2616 for the definition of token.
>> RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a
>> "token" as a series of CHARs, which in turn are defined as
>>     CHAR = <any US-ASCII character (octets 0 - 127)>
>> So that would tend to say that "ä" is not a valid name for a cookie?
>
> The rules for cookie names are stricter than those for cookie values. I
> believe the OP was asking about cookie values.

I wasn't sure. The example given to reproduce it was of doing
"document.cookie='ä=0';" "in the development console of the browser".
Does that create a Cookie header with "ä" in the cookie name, or in the value?

> That said, no cookie spec allows 0x80 to 0xFF in the cookie name or value.
> Tomcat's RFC 6265 cookie processor explicitly relaxes this restriction
> for cookie values to support interoperability with non-compliant clients
> and applications (since it can be done safely).

It apparently solves the OP's problem for now, which is nice.
But maybe Peter should be made aware of the fact that this is a Tomcat-only
solution.
There is no guarantee that if his proxy application is ported to another servlet
container, it would work in the same way.
Those cookies are apparently invalid as per the RFCs, so another container may still
reject them.
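
The grammars cited in the thread, applied to one cookie pair, as an added example that is not part of the original messages and is not Tomcat's code. The function names and the `relaxHigh` option are hypothetical; the option only mirrors the relaxation described above (0x80 to 0xFF admitted in values, never in names), and UTF-8 on the wire is an assumption.

```javascript
// Added example: checks a cookie-pair against RFC 2616 "token" (name)
// and RFC 6265 "cookie-octet" (value). Illustrative only, not Tomcat's code.
const SEPARATORS = new Set([...'()<>@,;:\\"/[]?={} \t'].map(c => c.charCodeAt(0)));

// RFC 2616 2.2: token = 1*<any CHAR except CTLs or separators>
function isTokenOctet(b) {
  return b > 0x20 && b < 0x7f && !SEPARATORS.has(b);
}

// RFC 6265 4.1.1: cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
// relaxHigh (hypothetical option) also admits 0x80-0xFF, in values only.
function isCookieOctet(b, relaxHigh) {
  if (relaxHigh && b >= 0x80) return true;
  return b === 0x21 || (b >= 0x23 && b <= 0x2b) || (b >= 0x2d && b <= 0x3a) ||
         (b >= 0x3c && b <= 0x5b) || (b >= 0x5d && b <= 0x7e);
}

// pair: one "name=value" string, as assigned to document.cookie.
// Assumption: non-ASCII characters reach the server as UTF-8 octets.
function checkCookiePair(pair, { relaxHigh = false } = {}) {
  const bytes = Buffer.from(pair, 'utf8');
  const eq = bytes.indexOf(0x3d);              // split at the FIRST "="
  if (eq < 0) return { nameValid: false, valueValid: false, highOctetsIn: [] };
  const name = bytes.subarray(0, eq);
  let value = bytes.subarray(eq + 1);
  // cookie-value may be wrapped in one pair of DQUOTEs
  if (value.length >= 2 && value[0] === 0x22 && value[value.length - 1] === 0x22) {
    value = value.subarray(1, value.length - 1);
  }
  const highOctetsIn = [];
  if (name.some(b => b >= 0x80)) highOctetsIn.push('name');
  if (value.some(b => b >= 0x80)) highOctetsIn.push('value');
  return {
    nameValid: name.length > 0 && name.every(b => isTokenOctet(b)),
    valueValid: value.every(b => isCookieOctet(b, relaxHigh)),
    highOctetsIn,
  };
}

// Constructed inputs: the pair from the thread, and the same character as a value.
console.log(checkCookiePair('ä=0'));
console.log(checkCookiePair('a=ä'), checkCookiePair('a=ä', { relaxHigh: true }));
```

For `'ä=0'` the high octets fall before the first `=`, so they are in the cookie name and the value-only relaxation does not make the pair valid.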