You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Liang Sun (Issue Comment Edited) (JIRA)" <ji...@apache.org> on 2012/02/07 14:50:59 UTC
[jira] [Issue Comment Edited] (HTTPCLIENT-1006) BrowserCompatSpec:
don't trim " around cookie value
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13202377#comment-13202377 ]
Liang Sun edited comment on HTTPCLIENT-1006 at 2/7/12 1:49 PM:
---------------------------------------------------------------
According to RFC2109,
word = token | quoted-string
the value can be quoted string.
In the History Chapter of RFC2109:
In Netscape's original proposal, the values in attribute-value pairs
did not accept "-quoted strings. Origin servers should be cautious
about sending values that require quotes unless they know the
receiving user agent understands them (i.e., "new" cookies). A
("new") user agent should only use quotes around values in Cookie
headers when the cookie's version(s) is (are) all compliant with this
specification or later.
That means the value can be quoted string if you count for "old" cookies. Actually, we have been using "new" cookies for a long time. So that's not a problem.
I agree with Marc. and consider this is bug. Actually, we frustrated in our development due to this bug. Fortunately, we solved it at last.
was (Author: alazyrabbit):
According to RFC2109,
word = token | quoted-string
the value can be quoted string.
In the History Chapter of RFC2109:
In Netscape's original proposal, the values in attribute-value pairs
did not accept "-quoted strings. Origin servers should be cautious
about sending values that require quotes unless they know the
receiving user agent understands them (i.e., "new" cookies). A
("new") user agent should only use quotes around values in Cookie
headers when the cookie's version(s) is (are) all compliant with this
specification or later.
That means the value can be quoted string if you count for "old" cookies. Actually, we have been using "new" cookies for a long time. So that's not a problem.
I agree with Marc. and consider this is bug. Actually, we frustrated in our development due to this bug. Fortunately, we found it at last.
> BrowserCompatSpec: don't trim " around cookie value
> ---------------------------------------------------
>
> Key: HTTPCLIENT-1006
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1006
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 4.0.2
> Reporter: Marc Guillemot
>
> If the server sends a cookie header like:
> Set-Cookie: first="hello world"
> then HttpClient parses it as cookie with value >hello world<, wrongly removing the leading and trailing quotes. The incorrect quote removal occurs in BasicHeaderValueParser.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org