Hello, We are migrating to the version of tomcat identified in the subject and during our testing we ran into an issue with an external automated client used to submit specialized requests to your web application. It was failing to connect because it was submitting cookies with version set to 0.
I have read through the documentation and found that configuring the legacy processor does resolve this issue. Now, I know this is only a work around as the "spec" being used by this client is ancient. We are considering using the legacy parser as a stop-gap measure until we can update the external clients with a new version. My groups concern however is two fold: 1. What are the security and compatibility concerns when using the legacy processor 2. The header for LegacyCookieProcesor.java explicitly states: "This class is not thread-safe." Can someone here with background knowledge explain exactly whats not thread-safe about the processor? Does this mean you cannot use it for multiple simultaneous requests (pretty hindering for a server) or does this mean that you cannot have multiple threads parse the cookie contents of a request in parallel (which isn't a very normal thing to do)? Any advice would be appreciated. Thanks, -Jared --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
