Comments (8)
- Issue Imported From: https://github.com/javaee/servlet-spec/issues/37
- Original Issue Raised By:@glassfishrobot
- Original Issue Assigned To: @shingwaichan
from servlet.
@glassfishrobot Commented
Reported by gregwilkins
from servlet.
@glassfishrobot Commented
gregwilkins said:
Actually my example of a , in the cookie value is wrong, as although google appears do be doing that, it is not allowed by RFC6265.
However, I do believe it is worthwhile reviewing the Cookie class and other cookie related parts of the spec against the latest RFC.
from servlet.
@glassfishrobot Commented
markt_asf said:
My experience has been that no matter what cookie specification is followed by the container, there will be a client or application that can't handle specification compliant values. We have had to add no end of hacks to Tomcat's cookie handling to allow checks to be bypassed to enable stuff to actually work. For example, anything that requires quoting (such as using commas in values) is often not handled correctly if it is quoted.
There is a clear unwillingness on the part of some browser vendors to adhere to the cookie specifications and no sign of this being a something that causes users to migrate to a more standards compliant browser.
I don't particularly like the situation that has lead to RFC 6265 (I would have preferred to see user demand driving browser compliance but that hasn't happened) but RFC 6265 is probably the best option since it is closer to what is actually happening than anything else. That said, I suspect container vendors will still need to add additional options to bypass some checks.
from servlet.
@glassfishrobot Commented
@shingwaichan said:
Adding it to the bucket of FUTURE_RELEASE
from servlet.
@glassfishrobot Commented
markt_asf said:
Ping. This really needs to get into Servlet 4.0
from servlet.
@glassfishrobot Commented
christopherschultz said:
+1 for updating and clarifying the spec. If Servlet 4.0 still contains a requirement to support RFC2019 (and nothing more recent), then the Java ecosystem will continue to suffer this confusion for another few years.
from servlet.
@glassfishrobot Commented
This issue was imported from java.net JIRA SERVLET_SPEC-37
from servlet.
Related Issues (20)
- Descriptor example in Servlet 6.0 doc is bad HOT 2
- TCK: HttpUpgradeHandler test incorrectly assumes reading of buffered POST data HOT 3
- bad javadoc for sessionIdChanged
- AsyncListener question HOT 1
- Clarify Cookie attribute behavior for empty and null values HOT 4
- TCK: Need to add the signature tests HOT 1
- jakarta.servlet-api.jar MANIFEST.MF contains path to builder's current directory HOT 6
- Need to update schema for 6.1.0 release HOT 1
- Servlet 6.1.0 - Tomcat 11.0.0-M19-SNAPSHOT certification request HOT 1
- New home for HttpServletRequest injection requirements
- tests should not be in the jakarta package HOT 6
- ServletResponse.setCharacterEncoding(CharSet encoding) throws NullPointerException if encoding is null
- Blocker for starting EE 11 ballot: TCK user guide, and two folders with a tck-runtime.jar and a tck-utils.jar. I guess an assembly file is needed to create a zip file with those two artefacts, and then we have to add a basic user guide still. HOT 1
- Servlet 6.1.0 - Tomcat 11.0.0-M20 certification request HOT 5
- ServletSecTestServlet imports org.slf4j.Logger but test war doesn't include sl4j HOT 6
- Servlet 6.1.0 - Tomcat 11.0.0-M20 certification request HOT 3
- Finalize the release of Jakarta Servlet 6.1 HOT 7
- Circular dependency between AttributeConverter and JPA HOT 1
- TCK for Servlet 6.1 invalid error code in servlet.tck.api.jakarta_servlet_http.httpservletresponse HOT 2
- TCK for servlet 6.1 servlet/tck/spec/serverpush /ServerPushTests#serverPushCookieTest HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from servlet.