http://issues.apache.org/bugzilla/show_bug.cgi?id=31266

RequestUtil.parseCookieHeader not fully RFC 2109 compliant

Summary: RequestUtil.parseCookieHeader not fully RFC 2109 compliant
Product: Tomcat 3
Version: 3.3 Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Servlet
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

According to RFC 2109, when sending cookies to the origin server, $Path and $Domain are optional attributes for the cookie header. The RequestUtil.parseCookieHeader method does not account for these optional parameters and could lead to an Illegal Argument Exception being thrown from javax.servlet.http.Cookie.

The parseCookieHeader method currently tokenizes the cookie header using the ';' as a delimiter. All name=value pairs are used to create new javax.servlet.http.Cookie objects. According to javax.servlet.http.Cookie:

"The name must conform to RFC 2109. That means it can contain only ASCII alphanumeric characters and cannot contain commas, semicolons, or white space or begin with a $ character"

ParseCookieHeader should look for the path and domain keywords for each token and if found, their values should be added to the last cookie object created using the setDomain and setPath cookie methods.
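
The handling the report asks for, as an added example that is not Tomcat's code or the reporter's patch: tokens whose name starts with `$` are applied to the most recently created cookie instead of being passed to a cookie constructor. `CookieHeaderDemo`, `ParsedCookie` (a stand-in for `javax.servlet.http.Cookie`, so the example runs without the servlet API) and the sample header are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class CookieHeaderDemo {
    // Hypothetical stand-in for javax.servlet.http.Cookie (name, value, path, domain only).
    static final class ParsedCookie {
        final String name, value;
        String path, domain;
        ParsedCookie(String name, String value) { this.name = name; this.value = value; }
        @Override public String toString() {
            return name + "=" + value + " (path=" + path + ", domain=" + domain + ")";
        }
    }

    // Splits on ';' as the report describes; quoted values that themselves contain ';' are not handled.
    static List<ParsedCookie> parse(String header) {
        List<ParsedCookie> cookies = new ArrayList<>();
        ParsedCookie last = null;
        for (String token : header.split(";")) {
            int eq = token.indexOf('=');
            if (eq < 0) continue;                       // not a name=value pair
            String name = token.substring(0, eq).trim();
            String value = unquote(token.substring(eq + 1).trim());
            if (name.isEmpty()) continue;
            if (name.startsWith("$")) {
                // Reserved attribute: never turn it into a cookie of its own.
                if (last == null) continue;             // e.g. a leading $Version precedes every cookie
                if (name.equalsIgnoreCase("$Path")) last.path = value;
                else if (name.equalsIgnoreCase("$Domain")) last.domain = value;
                continue;                               // other $-attributes are skipped
            }
            last = new ParsedCookie(name, value);
            cookies.add(last);
        }
        return cookies;
    }

    static String unquote(String s) {
        boolean quoted = s.length() >= 2 && s.startsWith("\"") && s.endsWith("\"");
        return quoted ? s.substring(1, s.length() - 1) : s;
    }

    public static void main(String[] args) {
        // Constructed sample header in the RFC 2109 style.
        String header = "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"; "
                      + "Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\"; $Domain=\".example.com\"";
        for (ParsedCookie c : parse(header)) System.out.println(c);
    }
}
```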