Hi Ken,
On 11/05/09 17:37, Ken Paulsen wrote:
>
> Hi Jan,
>
> You made a change to Cookie.java which restricted certain characters
> from a cookie name:
>
> svn diff -r26092:33813 Cookie.java
> - // Note -- disabled for now to allow full Netscape compatibility
> - // from RFC 2068, token special case characters
> - //
> - // private static final String tspecials =
> "()<>@,;:\\\"/[]?={} \t";
> + private static final String tspecials = "/()<>@,;:\\\"[]?={} \t";
>
> - private static final String tspecials = ",; ";
>
> Woodstock uses "/" in one of the cookie they set. This is resulting
> in our UI not functioning correctly (P2 issue filed: #10850 which is
> blocking testing).
>
> Is this change necessary? If so we're going to have to release a new
> version of Woodstock to fix this, which I would really prefer to avoid.
>
> Let me know!
In javax.servlet.http.Cookie, we've expanded the list of "special" cookie
chars from
private static final String tspecials = ",; ";
to
private static final String tspecials = "/()<>@,;:\\\"[]?={} \t";
This was requested by the Servlet EG in order to become compliant with
the HTTP 1.1 spec, see Section 2.2 ("Basic Rules") of RFC 2616, which
has the following:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value (as defined in section
3.6).
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
See how the new definition of "tspecials" in Cookie.java matches the
definition of "separators" in the HTTP 1.1 spec.
Not sure how to handle this regression ...
Jan
>
> Thanks,
>
> Ken
>
>