DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=15576>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=15576 IllegalArgumentException during adding a cookie ------- Additional Comments From [EMAIL PROTECTED] 2004-06-10 19:26 ------- William, I went ahead and re-read the RFC. After doing some investigation, I now agree and disagree with you. According to RFC 2109 found at, http://www.faqs.org/rfcs/rfc2109.html, section 4.2.2 Set-Cookie Syntax: The syntax for the Set-Cookie response header is set-cookie = "Set-Cookie:" cookies cookies = 1#cookie cookie = NAME "=" VALUE *(";" cookie-av) NAME = attr VALUE = value cookie-av = "Comment" "=" value | "Domain" "=" value | "Max-Age" "=" value | "Path" "=" value | "Secure" | "Version" "=" 1*DIGIT According to the general syntax in the same RFC: The two state management headers, Set-Cookie and Cookie, have common syntactic properties involving attribute-value pairs. The following grammar uses the notation, and tokens DIGIT (decimal digits) and token (informally, a sequence of non-special, non-white space characters) from the HTTP/1.1 specification [RFC 2068] to describe their syntax. av-pairs = av-pair *(";" av-pair) av-pair = attr ["=" value] ; optional value attr = token value = word word = token | quoted-string Attributes (names) (attr) are case-insensitive. White space is permitted between tokens. Note that while the above syntax description shows value as optional, most attrs require them. So the value in the cookie can either be a token or a quoted-string. According to RFC found at http://www.faqs.org/rfcs/rfc2068.html tokens are defined as: Token = 1*<any CHAR except CTLs or tspecials> tspecials = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT ” According to RFC found at http://www.faqs.org/rfcs/rfc2068.html quoted-strings are defined as: A string of text is parsed as a single word if it is quoted using double-quote marks. quoted-string = ( <"> *(qdtext) <"> ) qdtext = <any TEXT except <">> According to RFC found at http://www.faqs.org/rfcs/rfc2068.html TEXT is defined as: The TEXT rule is only used for descriptive field contents and values that are not intended to be interpreted by the message parser. Words of *TEXT may contain characters from character sets other than ISO 8859-1 [22] only when encoded according to the rules of RFC 1522 [14]. TEXT = <any OCTET except CTLs, but including LWS> According to RFC found at http://www.faqs.org/rfcs/rfc2068.html CTLs, CRLF, CR, LF, SP, HT, and LWS are defined as: CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)> CR = <US-ASCII CR, carriage return (13)> LF = <US-ASCII LF, linefeed (10)> SP = <US-ASCII SP, space (32)> HT = <US-ASCII HT, horizontal-tab (9)> CRLF = CR LF LWS = [CRLF] 1*( SP | HT ) Since commas and semicolons are part of the ISO 8859-1 they are allowed in quoted-strings, hence they should be allowed to be in cookie values. Please provide me your reasoning next time you inform me that I am wrong. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
