DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264 Cookie rejected ------- Additional Comments From [EMAIL PROTECTED] 2003-12-09 09:13 ------- > I've also noticed that the current domain match implementation matches > "y.x.foo.com" with ".foo.com", though this is explicitly disallowed in > the RFC. We need to fix this one for sure. Mike, In RFC2109 cookie spec domain match is implemented correctly. However, in browser compatibility mode I do not think we should change the way domains are matched, as the RFC compliance was relaxed a year ago precisely in order to mimic the logic (or lack thereof) of mainstream browsers. Someone even took a look at Mozilla's source code to double-check on that. Roland, I still must have a dormant Sourceforce account. I'll take a closer look at the Sourceforce login procedure and provide a patch for our browser compatibility cookie spec if required Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
