On 17/07/2012 15:32, Michael McMahon wrote:

Thanks for reviewing this Chris. On the question of whether $ should be
allowed
in cookie names, it appears like that restriction has been removed from
RFC 6265,
which is evidently a fairly comprehensive description of actual cookie
usage on the web.
So, maybe we should just leave that out as well - assuming that it is
being used in places
(albeit in contravention of the older RFC). What do you think?

OK, if this change is intentional then that's fine. It just looked like a side effect.

-Chris.


- Michael

On 17/07/2012 14:18, Chris Hegarty wrote:
On 17/07/2012 10:17, Michael McMahon wrote:
Hi,

Could I get the following change reviewed please?

http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/

Since 7u4, we are parsing all incoming cookies via the HttpCookie class.
This class has had a restriction on cookie names that is causing this
problem
and which is not required by any of the cookie specifications, as far as
I can see,
(rfc 2965, and 6265 which obsoletes 2965).

Right, this is my reading of the RFC's also. In fact, RFC 2965
explicitly states that "the NAME of a cookie MAY be the same as one of
the attributes in this specification".

The restriction was that cookie names could not be the same (case
insensitively)
as any of the attribute names (eg. Domain). So, the change is to remove
the restriction.

Yes, this makes sense to me.

One comment on the webrev is that isReserved also enforces that the
name cannot start with a '$', from 2965: "NAMEs that begin with $ are
reserved and MUST NOT be used by applications." I think you may need
to minimally reintroduce this. Otherwise, the changes look good to me.

-Chris.


Thanks,
Michael

Reply via email to