-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 4/19/2011 6:53 PM, André Warnier wrote: > Getting back to the original issue, Thomas seems to be right when he > says that if the cookie path is set to /foo, the browser will return it > also for URLs such as /foobar and /foofoo. > From the Cookie RFCs, i gather that the cookie path is taken as a > *prefix*, and /foo is a prefix of /foobar. Tomcat must be wrong, then. Here's my JSESSIONID Set-Cookie header for my app: Set-Cookie: JSESSIONID=3EAEDD21FDBE65751822A60E3EC7C947; Path=/mywebapp (note the lack of a trailing "/") I think you are interpreting the spec wrong. http://www.ietf.org/rfc/rfc2109.txt: " 4.3.1 Interpreting Set-Cookie [...] Path Defaults to the path of the request URL that generated the Set-Cookie response, up to, but not including, the right-most /. " All of the examples in the RFC use paths of the form "/foo" with no trailing "/", so I suspect that there is an implied trailing "/" on the path attribute. The RFC says "prefix" everywhere but I believe in this context it means "path-prefix" and not "string-prefix", which implies a path separator between the prefix and whatever comes after it (or with /nothing/ after the path-prefix, which is probably why they don't have trailing "/" characters). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2u7HUACgkQ9CaO5/Lv0PAQlwCdEvxZ7qu4RCE0hhjwkj2FgEm9 sB0Anj7txTVztmDXVQ5n2Naea28PMaye =y3zQ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
