...
Issue | Current behaviour (8.0.0-RC10/7.0.50) | Proposed new behaviour | Strict Servlet (Netscape + RFC2109) | RFC 6265 |
0x80 to 0xFF in cookie value (Bug 55917) | IAE | TBD | TBD | TBD |
CTL allowed in quoted cookie values (Bug 55918) | Allowed | TBD | TBD | TBD |
Quoted values in V0 cookies (Bug 55920) | Quotes removed | TBD | TBD | TBD |
Raw JSON in cookie values (Bug 55921) | TBD | TBD | TBD | TBD |
Allow equals in value | Not by default. Allowed if property set. | TBD | Netscape is ambiguous. RFC2109 requires quoting. | TBD |
Allow separators in V0 names and values | Not by default. Allowed if property set. | TBD | TBD | TBD |
Always add expires | Enabled by default. Disabled by property. | TBD | TBD | TBD |
/ is separator | Enabled by default. Disabled by property. | TBD | TBD | TBD |
Strict naming | Enabled by default. Disabled by property. | TBD | TBD | TBD |
Allow name only | Disabled by default. Enabled by property. | TBD | TBD | TBD |
Issues to add to the table above
- = character in cookie value
- Any further issues raised on mailing lists Each of the issues for which a system property was created
Generating the Set-Cookie header by Tomcat
...