Summary: | Regression: Cookies whose names match the web application context are now missing from request.getCookies() result | ||
---|---|---|---|
Product: | Tomcat 8 | Reporter: | Réda Housni Alaoui <reda.housnialaoui> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | blocker | ||
Priority: | P2 | ||
Version: | 8.5.5 | ||
Target Milestone: | ---- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Réda Housni Alaoui
2016-10-05 22:01:22 UTC
As of Tomcat 8.5.x, cookies are processed as per RFC6265. '/' is not a valid character for a cookie name in RFC6265 so the cookie will be ignored. You have the option of fixing the broken cookie or configuring Tomcat to use the legacy cookie parser. Further support is available from the Tomcat users mailing list. Hello, Ok I understand. But why does Tomcat 8.5.5 correctly create the cookie with '/' in its name when the application asks it? Don't you think an exception should be thrown at cookie creation in this case? I think this behaviour lack of consistency. Agreed. Generation and parsing should be consistent. '/' was an edge case that wasn't handled correctly. I'll get that fixed. This has been fixed in the following branches: - 9.0.x for 9.0.0.M11 onwards - 8.5.x for 8.5.6 onwards Thank you |