realta wrote: > I've recently had to upgrade from Tomcat5.5.20 to Tomcat5.5.27. For the main > functionality of the web application to work it needs to process a UTF8 > encoded cookies to retrieve user customizations. There was no issue with the > 5.5.20 version, but the 5.5.27 version is not processing the UTF8 encoded > cookie. It looks like 5.5.27 version is ignoring the UTF8 cookies. > > I did find a bug report saying the security around cookie handling has > become stricter from Tomcat5.5.26 onwards. Could anybody point me in the > right direction of a spec that outlines the correct encoding to use on > cookies that Tomcat5.5.26 and greater will accept?
https://issues.apache.org/bugzilla/show_bug.cgi?id=44679 covers most of the discussion - just skip over the various rants. You'll be better off with 5.5.28. I'm fairly sure more cookie handling patches were ported across. If the cookie is set and used from within your app, you *should* be fine. If you have a case where that doesn't appear to be working let us know. If the cookie is set by a third party app, then that app may need to change to be compliant with the cookie specs. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
