You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Tim Funk <fu...@joedog.org> on 2003/03/03 15:00:06 UTC
Cookie.setDomain should throw exception with bad domain arg?
In the javadocs, Cookie.setDomain() says:
The form of the domain name is specified by RFC 2109.
Where RFC 2109 says:
Domain=domain
Optional. The Domain attribute specifies the domain for which the
cookie is valid. An explicitly specified domain must always start
with a dot.
And the code for setDomain() - for tomcat 4,5:
public void setDomain(String pattern) {
domain = pattern.toLowerCase(); // IE allegedly needs this
}
Shouldn't an exception be thrown since the incoming domain is not RFC
2109 compliant? But that may break a lot of code. (including mine) I
discovered this accidently when HttpClient yelled at me when my
webserver was passing bad domains back.
-Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org