https://issues.apache.org/bugzilla/show_bug.cgi?id=57044
Bug ID: 57044
Summary: [PatchAvailable] Use base64url in mod_unique_id ('_'
instead of '@')
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_unique_id
Assignee: [email protected]
Reporter: [email protected]
Created attachment 32070
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32070&action=edit
Use base64url in mod_unique_id
mod_unique_id should use the '_' character instead of the '@' character to
encode request IDs. This means switching to base64url (as specified in RFC
4648).
The main reason for this change is that the '@' character causes problems when
used in cookie values: Recent Tomcat versions crop cookie values at the first
'@', because it is a "token separator" in HTTP (see
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html ,
ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0 ).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
