Different issue; different response.
Bill Barker wrote:
> "Nick Kew" <[EMAIL PROTECTED]> wrote in message
>> -1. Semicolon is a perfectly valid character in a session-id, so that
>> risks breaking other apps. The fact that Tomcat treats it as a
>> separator doesn't commit other appservers to do the same.
>
> No, an un-escaped semicolon is a reserved character by RFC 2396, section
> 2.2. Since RFC 2616 section 3.2.1 uses 2396 as a reference, then an
> un-escaped semicolon isn't valid in a session-id.

No, reserved characters are ***perfectly acceptable*** in the uri without
escaping; c.v.
2. URI Characters and Escape Sequences
URI consist of a restricted set of characters, primarily chosen to
aid transcribability and usability both in computer systems and in
non-computer communications. Characters used conventionally as
delimiters around URI were excluded. The restricted set of
characters consists of digits, letters, and a few graphic symbols
were chosen from those common to most of the character encodings and
input facilities available to Internet users.
   uric       = reserved | unreserved | escaped
   ...
   reserved   = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                "$" | ","
   ...
   unreserved = alphanum | mark
   mark       = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
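
An added illustration, not part of the original message or of any server's code: this Python sketch checks a string against the uric character classes quoted above and then splits a path segment on ";" the way RFC 2396 section 3.3 defines path parameters (segment = *pchar *( ";" param )). The jsessionid key and the sample segments are constructed for the example.

```python
import re
import string

# Character classes taken from the RFC 2396 grammar quoted above.
RESERVED = set(';/?:@&=+$,')
MARK = set("-_.!~*'()")
UNRESERVED = set(string.ascii_letters + string.digits) | MARK
ESCAPED = re.compile(r'%[0-9A-Fa-f]{2}')


def non_uric_chars(text):
    """Return the characters in text that the uric rule does not allow."""
    remainder = ESCAPED.sub('', text)  # drop well-formed %XX escapes
    return sorted(set(remainder) - RESERVED - UNRESERVED)


def split_segment(segment):
    """Split one path segment into (name, [params]) on unescaped ';'."""
    name, *params = segment.split(';')
    return name, params


def session_id(segment, key='jsessionid'):
    """Return the value of the first ;key=value parameter, or None.
    The key name is an assumption of this example."""
    _, params = split_segment(segment)
    for param in params:
        k, sep, v = param.partition('=')
        if sep and k == key:
            return v
    return None


if __name__ == '__main__':
    # Constructed samples: the same id with a raw and an escaped semicolon.
    for seg in ('index.jsp;jsessionid=abc;def',
                'index.jsp;jsessionid=abc%3Bdef'):
        print(seg, non_uric_chars(seg), split_segment(seg), session_id(seg))
```

Both samples consist only of uric characters, but a parser that treats ";" as the parameter delimiter recovers the full id only from the %3B form.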