Summary: | The CookieNameValidator has issue that related to the consistency | ||
---|---|---|---|
Product: | Tomcat 9 | Reporter: | Kyohei Nakamura <nakamura.kyohei.lab> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | ----- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | patch against trunk |
Description
Kyohei Nakamura
2016-06-02 08:35:19 UTC
The CookieNameValidator can not be set per web application since it is set in the specification implementation and can, therefore, only be set globally. I have changed the default to the RFC6265 validator and restored the section of the docs that describe the STRICT_NAMING property. The fix has been applied to 9.0.x for 9.0.0.M7 onwards and 8.5.x for 8.5.3. onwards. Created attachment 33955 [details]
patch against trunk
Hi Mark,
Thank you for the fix.
I think this fix of changing the default to the RFC6265Validator and restoring the description of STRICT_NAMING system property is correct, but the Javadoc of javax.servlet.http.Cookie and the description of STRICT_NAMING system property have not been updated.
I have attached the patch.
Thanks. Docs update for 9.0.x and 8.5.x. The patch will be in 9.0.0.M9 and 8.5.4 onwards. |