I would like to make this change as this is the only time we can make
this change until the next release of the spec. It makes the API
compliant with the underlying HTTP specs.
- Rajiv
Jan Luehe wrote:
Hi Ken,
On 11/05/09 17:37, Ken Paulsen wrote:
Hi Jan,
You made a change to Cookie.java which restricted certain characters
from a cookie name:
svn diff -r26092:33813 Cookie.java
- // Note -- disabled for now to allow full Netscape compatibility
- // from RFC 2068, token special case characters
- //
- // private static final String tspecials =
"()<>@,;:\\\"/[]?={} \t";
+ private static final String tspecials = "/()<>@,;:\\\"[]?={}
\t";
- private static final String tspecials = ",; ";
Woodstock uses "/" in one of the cookie they set. This is resulting in
our UI not functioning correctly (P2 issue filed: #10850 which is
blocking testing).
Is this change necessary? If so we're going to have to release a new
version of Woodstock to fix this, which I would really prefer to avoid.
Let me know!
In javax.servlet.http.Cookie, we've expanded the list of "special"
cookie
chars from
private static final String tspecials = ",; ";
to
private static final String tspecials = "/()<>@,;:\\\"[]?={}
\t";
This was requested by the Servlet EG in order to become compliant with
the HTTP 1.1 spec, see Section 2.2 ("Basic Rules") of RFC 2616, which
has the following:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value (as defined in section
3.6).
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
See how the new definition of "tspecials" in Cookie.java matches the
definition of "separators" in the HTTP 1.1 spec.
Not sure how to handle this regression ...
Jan
Thanks,
Ken