THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
indent |
---|
Invalid syntax will result in a user-data log entry and cookies being dropped rather than throwing of an IAE. Application impact is that requests with an invalid Cookie header will now be dispatched to the application.
|
- *
indent |
---|
*Alternative P3a:* Ensure that the "Dropping a cookie" means an invalid cookie headerwill isnot availableappear forin the list returned by [HttpServletRequest]#getCookies(). An application will still be able to parse manually access the original Cookie header and may perform its own parsing. |
P4 Ensure that the cookie header is always available for the application to parse manually.::
- *
indent |
---|
Stop modifying the header in-situ as part of the de-escaping process so that an application can elect to perform its own parsing by calling getHeader("Cookie"). Eliminate the need for the PRESERVE_COOKIE_HEADER property that currently controls whether a copy of the header is made if modifications are needed. Perform de-escaping during the copy needed to convert the [MessageBytes] to the String in Cookie#value, possibly during any conversation process needed to handle UTF-8.
|
Impact of proposal on existing issues
...