Invalid Cookie Names for persistence used according to RFC (doesn't work in tomcat 6.x) ---------------------------------------------------------------------------------------
Key: WICKET-1834 URL: https://issues.apache.org/jira/browse/WICKET-1834 Project: Wicket Issue Type: Bug Components: wicket Affects Versions: 1.4-M3 Reporter: Andreas Sahlbach Wicket uses ":" to build up the cookie name out of different components (e.g."signInPanel:signInForm:username"). This violates the cookie spec (RFC 2965 and RFC 2616). According to this spec a cookie must be an av-pair av-pairs = av-pair *(";" av-pair) av-pair = attr ["=" value] ; optional value attr = token value = token | quoted-string and token is: token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT Note that the cookie name MUST be a token and a token MUST NOT contain ":" That's why tomcat 6.x delivers (correctly with best guess) "signInPanel" as cookie name for the above example. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.