Invalid Cookie Names for persistence used according to RFC (doesn't work in 
tomcat 6.x)
---------------------------------------------------------------------------------------

                 Key: WICKET-1834
                 URL: https://issues.apache.org/jira/browse/WICKET-1834
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.4-M3
            Reporter: Andreas Sahlbach


Wicket uses ":" to build up the cookie name out of different components 
(e.g. "signInPanel:signInForm:username"). This violates the cookie spec (RFC 
2965 and RFC 2616). According to this spec, a cookie must be an av-pair:

av-pairs    =     av-pair *(";" av-pair)
av-pair     =     attr ["=" value]              ; optional value
attr        =     token
value       =     token | quoted-string

and token is:

token          = 1*<any CHAR except CTLs or separators>
separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT

Note that the cookie name MUST be a token and a token MUST NOT contain ":".

That's why Tomcat 6.x delivers (correctly, with best guess) "signInPanel" as 
cookie name for the above example.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
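
The token rule quoted in the report, as an added example (not code from Wicket, Tomcat or the reporter): a checker for cookie names plus a helper that returns the leading run of token characters, which is the name the report says Tomcat 6.x delivers. The class name, method names and every sample name except the first are constructed for illustration.

```java
public class CookieNameCheck {
    // Separators from RFC 2616 section 2.2, as quoted in the report (SP and HT included).
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** Index of the first character that may not appear in a token, or -1 if there is none. */
    static int firstInvalidIndex(String name) {
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean ctl = c <= 31 || c == 127;   // CTLs
            boolean nonChar = c > 127;           // CHAR is US-ASCII 0-127
            if (ctl || nonChar || SEPARATORS.indexOf(c) >= 0) {
                return i;
            }
        }
        return -1;
    }

    /** token = 1*<any CHAR except CTLs or separators> */
    static boolean isToken(String name) {
        return !name.isEmpty() && firstInvalidIndex(name) == -1;
    }

    /** Longest leading run of token characters: the name left when parsing stops at the first separator. */
    static String leadingToken(String name) {
        int i = firstInvalidIndex(name);
        return i < 0 ? name : name.substring(0, i);
    }

    public static void main(String[] args) {
        // Constructed sample names; only the first one appears in the report.
        String[] names = {
            "signInPanel:signInForm:username",
            "signInPanel:signInForm:password",
            "signInPanel.signInForm.username",
            "JSESSIONID",
            "user name"
        };
        for (String n : names) {
            System.out.printf("%-36s token=%-5b leading=%s%n",
                    "\"" + n + "\"", isToken(n), leadingToken(n));
        }
    }
}
```

The first two names both reduce to "signInPanel", so distinct components that share a path prefix become indistinguishable once the name is cut at the first ":".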
