https://issues.apache.org/bugzilla/show_bug.cgi?id=49000
Mark Thomas <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement

--- Comment #2 from Mark Thomas <[email protected]> 2010-04-04 15:38:49 UTC ---
Hmm. Neither of those two cookies is valid since both name and value are mandatory. Tomcat 6 (and probably earlier) has allowed what is referred to in the code as name only cookies.

I think this is another candidate for a cookie configuration option in Tomcat 7 (ALLOW_NAME_ONLY_COOKIES ?) that defaults to false and rejects these invalid cookies.

In terms of what this option does allow, since we are outside the spec, we can choose what we want to allow and disallow. I quite like the current allow 'name' but not 'name=' as the latter looks like an error whilst the first looks like an attempt to have a name only cookie.
