- From: Mark Thomas <markt@apache.org>
- Date: Tue, 30 Jul 2024 13:42:10 +0100
- To: ietf-http-wg@w3.org
Hi all, I've been looking at the changes in RFC 6265 for possible impact on the Jakarta Servlet specification and the associated implementations (primarily Apache Tomcat). The change of the definition of cookie-name from token to 1*cookie-octet means that it is now possible to have an '=' (equals) character in a cookie name. This has the potential to cause issues as a cookie set with a name of "a=b" and a value of "c" will be interpreted by the user agent as having a name of "a" and a value of "b=c". I did check the archives but couldn't find this specific issue being discussed anywhere. If I missed it I apologise and would appreciate a reference to the discussion. If I haven't missed a previous discussion, I assume the correct thing to do would be to raise an issue in GitHub. Is that correct? Thanks, Mark
Received on Tuesday, 30 July 2024 12:42:16 UTC