I am trying to understand the reasoning behind needing this setting:

    org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true

When set to true, my cookie values can contain the '=' character. I assume that Tomcat did not implement this setting which defaults to false for no reason. I'd like to understand the cost/downside of turning this on. The upside is that I can accept valid cookies that aren't truncated.

I can't find the relevant portion of rfc6265 that disallows '=' character in cookie values, so I don't think that's it.

https://tools.ietf.org/html/rfc6265

    cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
    cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                   ; US-ASCII characters excluding CTLs,
                   ; whitespace DQUOTE, comma, semicolon,
                   ; and backslash
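
Added example, not part of the original message: a Python check of the cookie-octet grammar quoted above, plus a Cookie header parser that splits each pair on its first '=' only. The cookie-name (token) rule and the "; " pair separator come from RFC 6265 and RFC 2616 rather than from the message, and the sample header is constructed.

```python
import re

# cookie-octet exactly as quoted above (RFC 6265 section 4.1.1).
# 0x3D ('=') falls inside the %x3C-5B range, so the grammar permits it.
COOKIE_OCTET = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]"
COOKIE_VALUE = re.compile(rf'(?:{COOKIE_OCTET}*|"{COOKIE_OCTET}*")\Z')

# cookie-name is an RFC 2616 token: visible ASCII minus the separators.
# This rule is not quoted in the message; it is taken from the RFCs.
COOKIE_NAME = re.compile(r"[!#$%&'*+\-.0-9A-Z^_`a-z|~]+\Z")

# Constructed sample: base64 padding and nested '=' inside values.
SAMPLE = "session=dXNlcjE=; theme=dark; token=a=b=c"


def excluded_visible_ascii():
    """Visible ASCII characters (0x21-0x7E) that cookie-octet leaves out."""
    return [chr(c) for c in range(0x21, 0x7F)
            if not re.fullmatch(COOKIE_OCTET, chr(c))]


def parse_cookie_string(cookie_string):
    """Parse a Cookie header value strictly by the RFC 6265 grammar.

    Each pair is split on its first '=' only, so any later '=' stays in
    the value. Raises ValueError for input outside the grammar.
    """
    cookies = {}
    # cookie-string = cookie-pair *( ";" SP cookie-pair )
    for pair in cookie_string.split("; "):
        name, sep, value = pair.partition("=")
        if not sep or not COOKIE_NAME.match(name):
            raise ValueError(f"bad cookie-name in {pair!r}")
        if not COOKIE_VALUE.match(value):
            raise ValueError(f"bad cookie-value in {pair!r}")
        cookies[name] = value
    return cookies


if __name__ == "__main__":
    print("excluded from cookie-octet:", excluded_visible_ascii())
    print(parse_cookie_string(SAMPLE))
```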