http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264

Cookie rejected

------- Additional Comments From [EMAIL PROTECTED] 2003-12-09 05:18 -------

Oleg,

I think we should make an attempt to be as forgiving as possible when in compatibility mode, with the exception of places where there are security considerations.

I've been looking at the spec and the definition of the "domain-match" function is pretty vague. The general wisdom seems to indicate that "domain.com" should not match ".domain.com", but I think allowing it is pretty safe from a security standpoint.

I've also noticed that the current domain match implementation matches "y.x.foo.com" with ".foo.com", though this is explicitly disallowed in the RFC. We need to fix this one for sure.

Mike
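
The two cases raised in the comment above, as an added example (not part of the original message and not the project's own code): a Python sketch of the RFC 2109 Domain attribute rejection rules, with a `lenient` flag that models only the relaxation proposed in the comment. The function names are hypothetical and the sample host/domain pairs are constructed.

```python
# Added illustration; names are hypothetical, not the project's API.
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 2109 domain-match: identical strings, or host = N + domain
    where N is non-empty and domain begins with a dot."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    if _is_ip(host):
        return False  # IP addresses only match by equality
    return (domain.startswith(".") and host.endswith(domain)
            and len(host) > len(domain))


def check_cookie_domain(host, domain, lenient=False):
    """Return (accepted, reason) for a Domain attribute sent by `host`.

    lenient=True models only the relaxation proposed in the comment:
    "domain.com" may set Domain=".domain.com".
    """
    host, domain = host.lower(), domain.lower()
    if not domain.startswith(".") or "." not in domain[1:-1]:
        return False, "Domain needs a leading dot and an embedded dot"
    if lenient and host == domain[1:]:
        return True, "lenient: host equals Domain without its leading dot"
    if not domain_match(host, domain):
        return False, "request-host does not domain-match Domain"
    prefix = host[:-len(domain)]  # the H in "host = H + Domain"
    if "." in prefix:
        return False, "host prefix contains a dot (e.g. y.x.foo.com)"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample pairs, including both cases from the comment.
    for h, d in [("x.foo.com", ".foo.com"), ("y.x.foo.com", ".foo.com"),
                 ("domain.com", ".domain.com"), ("www.foo.com", ".com")]:
        print(h, d, check_cookie_domain(h, d), check_cookie_domain(h, d, True))
```

The lenient flag changes the result only for the exact host-equals-domain case; the multi-label prefix and the single-label Domain are rejected in both modes.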