Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
actually, IE only supports quoting of the value for v0 cookies.
honestly, I wasn't up for the backwards compatible fix, but since it
turns out that most folks use v0 cookies with v1 values, this is an
evil must.
without the below fix, every single JSESSIONID cookie will not work
on IE.
That's not good.
I've looked at this again and the real problem is that maybeQuote2()
may change the cookie version but we only check the return value when
calling maybeQuote2() for the value. We need to check the return value
every time we call maybeQuote2(). I have an alternative patch which
I'll add to the status file.
I don't think that we should change the cookie version simply because
"/" is the path, that doesn't sound right, nor is it required by spec.
Very true.
I'd rather just do the switch upon values containing funky
characters...if at all, and maybe just follow spec, and not allow the
bad v0 values at all, like the original fix was.
The version switch is activated by a greater set of characters than it
really needs to be. I should be able to modify my patch to only switch when
there are characters in a v1 cookie that will cause problems. I'll try and
look at this tomorrow - it is getting late here ;)
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
