2016-09-06 19:11 GMT+02:00 Mark Thomas <ma...@apache.org>: > This looks like something that is a good fit for > STRICT_SERVLET_COMPLIANCE. My current thinking is if this is set, change > the default CookieProcessor to LegacyCookieProcessor. > > I think I'm -1 for using the strict compliance flag for that. It's too big a behavior change, and the current situation is far more robust. Thanks to you actually, it looks doubtful anyone would have tackled a cookie refactoring ... People who need absolute compatibility can just as easily configure another cookie support, but the requirement is really illegitimate and counter productive.
I also think the specification language is not intentional, it's only a lack of update in the old javadoc basically. Rémy
