...

The domain value is converted to lower case (per Locale.ENGLISH) when set as "IE allegedly needs this."

HttpServletRequest

...

HttpServletResponse

This is typically implemented by o.a.c.connector.Response whose addCookie method delegates generation of the Set-Cookie header to o.a.t.util.http.ServerCookie#appendCookieValue. This first appends the name (relying on checks performed by Cookie), "=" and then the value using RFC2109 quoting rules:

  • if the value is null or empty, append empty quoted-string ""
  • if the value starts and ends with '"', output as is after escaping any '"' characters between the outer quotes
  • if ALLOW_HTTP_SEPARATORS_IN_V0 is false and the value contains an RFC2616 separator, output as a quoted-string after escaping '"' and force Version=1
  • if ALLOW_HTTP_SEPARATORS_IN_V0 is true and the value contains a Netscape separator, output as a quoted-string after escaping '"' and force Version=1
  • otherwise, output as is

Netscape separators are {',', ';', ' ', '\t'}.

RFC2616 separators by default do not include "/" unless FWD_SLASH_IS_SEPARATOR is set (or implied by STRICT_SERVLET_COMPLIANCE). Characters outside the set { HT, 0x20..0x7E } will result in an IllegalArgumentException when the check for token characters is performed.

The same quoting rules are applied when outputting any Domain or Path value.
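
The quoting decision listed above, modelled as a stand-alone Java method. This is an added example, not Tomcat's ServerCookie source: the class, record and method names are hypothetical, the two properties are passed in as parameters, and backslash escaping of '"' is an assumption.

```java
import java.util.List;

// Added illustration of the listed rules; not Tomcat's ServerCookie code. Needs Java 16+.
public class CookieQuotingDemo {
    static final String NETSCAPE_SEPARATORS = ",; \t";
    // RFC 2616 section 2.2 separators without '/', the default described above.
    static final String HTTP_SEPARATORS = "()<>@,;:\\\"[]?={} \t";

    record Quoted(String text, boolean forcesVersion1) {}

    static Quoted quote(String value, boolean allowHttpSeparatorsInV0, boolean fwdSlashIsSeparator) {
        if (value == null || value.isEmpty()) {
            return new Quoted("\"\"", false);                           // rule 1
        }
        if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
            // The list names a forced Version=1 only for the separator cases below.
            String inner = value.substring(1, value.length() - 1);
            return new Quoted('"' + escapeQuotes(inner) + '"', false);  // rule 2
        }
        String separators = allowHttpSeparatorsInV0
                ? NETSCAPE_SEPARATORS
                : HTTP_SEPARATORS + (fwdSlashIsSeparator ? "/" : "");
        for (char c : value.toCharArray()) {
            if (c != '\t' && (c < 0x20 || c > 0x7E)) {
                throw new IllegalArgumentException("Character outside HT, 0x20..0x7E");
            }
            if (separators.indexOf(c) >= 0) {
                return new Quoted('"' + escapeQuotes(value) + '"', true); // rules 3 and 4
            }
        }
        return new Quoted(value, false);                                // rule 5
    }

    // Assumption: '"' is escaped with a backslash, as in an RFC 2109 quoted-string.
    static String escapeQuotes(String s) {
        return s.replace("\"", "\\\"");
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        for (String v : List.of("abc123", "user@example", "a b", "/app", "\"a\"b\"")) {
            System.out.printf("%-14s strict=%s  v0-separators=%s  slash=%s%n", v,
                    quote(v, false, false).text(), quote(v, true, false).text(),
                    quote(v, false, true).text());
        }
    }
}
```

With fwdSlashIsSeparator set, "/app" comes out as a quoted-string, which is the quoted Path case the Issues list flags for IE.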

If maxAge >=, then the Max-Age attribute will be set for V1 cookies and the Expires attribute for V0 cookies. If the property ALWAYS_ADD_EXPIRES is true then Expires will also be set for V1 cookies.

Issues:

  • relies on the browser supporting RFC2109 quoting rules when Version=1 (most apply Netscape rules)
  • Domain is not strictly checked
  • Path is quoted using the same rules as Value; browsers treat them differently (e.g. IE treats quoted paths as invalid)

Proposed Implementation

TBD

...