You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Tim Funk <fu...@joedog.org> on 2003/03/03 15:00:06 UTC

Cookie.setDomain should throw exception with bad domain arg?

In the javadocs, Cookie.setDomain() says:
The form of the domain name is specified by RFC 2109.

Where RFC 2109 says:
    Domain=domain
       Optional.  The Domain attribute specifies the domain for which the
       cookie is valid.  An explicitly specified domain must always start
       with a dot.

And the code for setDomain() - for tomcat 4,5:
     public void setDomain(String pattern) {
	domain = pattern.toLowerCase();	// IE allegedly needs this
     }


Shouldn't an exception be thrown since the incoming domain is not RFC 
2109 compliant?  But that may break a lot of code. (including mine) I 
discovered this accidently when HttpClient yelled at me when my 
webserver was passing bad domains back.

-Tim


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org