Hi, This issue probably won't be given a great deal of attention. There's conflict between what the spec says, and what has actually been going on in the development world. The de facto reality is that people have been using = characters in cookies despite them being prohibited for a long time.
If you want this "netscape style" cookie to be valid and not quoted by tomcat, you should revert to the ServerCookie & Cookies code (org.apache.tomcat.util.http.*) from an earlier revision of the 5.5.x series (5.5.17 works - http://svn.apache.org/repos/asf/tomcat/connectors/tags/tc5.5.x/TOMCAT_5_5_17/util/java/org/apache/tomcat/util/http/) Be vigilant w.r.t. any bugs/security issues logged against that version. -CiarĂ¡n >-----Original Message----- >From: mateo-jl [mailto:mateo...@orange.fr] >Sent: 18 June 2009 14:07 >To: users@tomcat.apache.org >Subject: Cookies handling issue > >Hi everybody, > >recently i've reported a problem, which wasn't a new one, related to the >encoding base64 within cookies ("=" separator ... only at reading : >request.getCookies) . >I was responded that this problem will probably be corrected with >Tomcat 6.0.19 or 6.0.20 and 5.5.28. The last one is not yet released and >in the 6.0.20 I do not see any patch for this problem. >Do you think that it will be corrected ? > >Thank you > >JLM -------------------------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. Morgan Stanley may monitor and store emails to the extent permitted by applicable law.
