On 26/04/17 19:07, Christopher Schultz wrote: <snip/>
> The log message says that the value of the cookie is > "mqpp=1,kiosk=true" (without the quotes). > > The offending character (decimal 44... I was surprised it wasn't a hex > value) is a comma. I think either the Cookie class or Tomcat is > mis-managing my cookie value. I was expecting Cookie/Tomcat to just > "make it work" regardless of the value I tried to put into the cookie. > > This has worked without any problems prior to Tomcat 8.5.x. > > The javadoc for Cookie.setVersion says that when version=1, cookie > values should confirm to 2109, but since Tomcat is now using RFC 6265 > perhaps there is conflict between the two? In short, yes there is a conflict. RFC 6265 does not permit ',' (and a bunch of other characters) to be used in the value and provides no escape or encoding syntax for including these characters. RFC 2109 allows quoted string to be used. In this Tomcat can (and will) do what needs to be done to make the cookie value 'just work'. > Is there a way I can make both javax.servlet.http.Cookie and Tomcat > 8.5.x+ happy? I can easily manually-quote this cookie value in > whatever way is required. You could switch to the LegacyCookieProcessor. Other than that, you'd need to find a different delimited for the values in you Cookie. > Or is this a bug in either j.s.h.Cookie or Tomcat's RFC 6265 validator > (or a combination of the two)? The RFC 6265 spec (and hence CookieProcessor) is (arguably) not fully compliant with the Servlet spec. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
