We'd like to make a small change to the fix for this for 7u6.
We would like to keep the restriction on $ being the first character of
a cookie name
(since this was a genuine/correct requirement of RFC 2965). That
restriction has been
removed in JDK8, but since that is not required for this particular bug
fix, we will keep it in 7u.
http://cr.openjdk.java.net/~michaelm/7183292/webrev.7u6.3/
Thanks
Michael
On 18/07/12 18:47, Michael McMahon wrote:
This is the same change for 7u6. The change is identical.
http://cr.openjdk.java.net/~michaelm/7183292/webrev.7u6.2/
Thanks,
Michael
On 18/07/12 18:38, Michael McMahon wrote:
Thanks Kurchi.
I have made one small change to another test, which was specifically
testing the $name assertion.
So, that test had to be removed.
The new webrev is at :
http://cr.openjdk.java.net/~michaelm/7183292/webrev.3/
- Michael
On 17/07/12 18:15, Kurchi Subhra Hazra wrote:
I have read the sections dealing with cookie-name in 6265, and these
changes look good to me.
- Kurchi
On 7/17/12 7:32 AM, Michael McMahon wrote:
Thanks for reviewing this Chris. On the question of whether $
should be allowed
in cookie names, it appears like that restriction has been removed
from RFC 6265,
which is evidently a fairly comprehensive description of actual
cookie usage on the web.
So, maybe we should just leave that out as well - assuming that it
is being used in places
(albeit in contravention of the older RFC). What do you think?
- Michael
On 17/07/2012 14:18, Chris Hegarty wrote:
On 17/07/2012 10:17, Michael McMahon wrote:
Hi,
Could I get the following change reviewed please?
http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/
Since 7u4, we are parsing all incoming cookies via the HttpCookie
class.
This class has had a restriction on cookie names that is causing
this
problem
and which is not required by any of the cookie specifications, as
far as
I can see,
(rfc 2965, and 6265 which obsoletes 2965).
Right, this is my reading of the RFC's also. In fact, RFC 2965
explicitly states that "the NAME of a cookie MAY be the same as
one of the attributes in this specification".
The restriction was that cookie names could not be the same (case
insensitively)
as any of the attribute names (eg. Domain). So, the change is to
remove
the restriction.
Yes, this makes sense to me.
One comment on the webrev is that isReserved also enforces that
the name cannot start with a '$', from 2965: "NAMEs that begin
with $ are reserved and MUST NOT be used by applications." I think
you may need to minimally reintroduce this. Otherwise, the changes
look good to me.
-Chris.
Thanks,
Michael
