http://nagoya.apache.org/bugzilla/show_bug.cgi?id=485 *** shadow/485 Thu Feb 1 16:18:13 2001 --- shadow/485.tmp.10731 Thu Feb 1 16:18:13 2001 *************** *** 0 **** --- 1,27 ---- + +============================================================================+ + | Cookie attributes not handled for cookies in Request BugRat Report#816 | + +----------------------------------------------------------------------------+ + | Bug #: 485 Product: Tomcat 3 | + | Status: UNCONFIRMED Version: Nightly Build | + | Resolution: Platform: All | + | Severity: Normal OS/Version: All | + | Priority: High Component: Servlet | + +----------------------------------------------------------------------------+ + | Assigned To: [EMAIL PROTECTED] | + | Reported By: [EMAIL PROTECTED] | + | CC list: Cc: | + +----------------------------------------------------------------------------+ + | URL: | + +============================================================================+ + | DESCRIPTION | + Tomcat does not look for or process the $Version, $Path and $Domain attributes for +cookies sent from the user agent to the server, as per RFC 2109. + + Further, Tomcat does not check for invalid cookie names in cookies sent from the +user agent to the server (such as "Path") which can cause requests to fail when badly +formed cookies are sent. + + Source Reference org.apache.tomcat.util.RequestUtil + + ------- Additional Comments From [EMAIL PROTECTED] 2001-02-01 16:18 ------- + First part is fixed in the main development tree ( cookie parsing has been + rewritten ). Regarding the values, for V1 we quote it, but it's the + responsibility of the servlet to pass right value. + It is possible to reject invalid values - I'll add this later. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
