Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/06/20 10:42:52 UTC

svn commit: r1749296 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml

Author: markt
Date: Mon Jun 20 10:42:52 2016
New Revision: 1749296

URL: http://svn.apache.org/viewvc?rev=1749296&view=rev
Log:
Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=59655
Improve the documentation for configuring permitted cookie names
Patch provided by Kyohei Nakamura

Modified:
    tomcat/trunk/java/javax/servlet/http/Cookie.java
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/config/systemprops.xml

Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1749296&r1=1749295&r2=1749296&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Mon Jun 20 10:42:52 2016
@@ -48,9 +48,8 @@ import java.util.ResourceBundle;
  * cache pages that use cookies created with this class. This class does not
  * support the cache control defined with HTTP 1.1.
  * <p>
- * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC
- * 2109) cookie specifications. By default, cookies are created using RFC6265
- * to ensure the best interoperability.
+ * This class supports both the RFC 2109 and the RFC 6265 specifications.
+ * By default, cookies are created using RFC 6265.
  */
 public class Cookie implements Cloneable, Serializable {
 
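Review bot: The rewritten class comment ("This class supports both the RFC 2109 and the RFC 6265 specifications") no longer says what happens to Version 0 (Netscape) cookies, and it does not say what "supports" covers or how a deployment selects RFC 2109 behaviour. If the choice is the cookie-name validation controlled by the STRICT_NAMING system property documented in systemprops.xml, the Javadoc should say so and name that property, so that a reader of the API docs can tell which names the constructor will reject under each setting. The removed rationale "to ensure the best interoperability" was also the only stated reason for the RFC 6265 default; consider keeping one clause of it.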

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749296&r1=1749295&r2=1749296&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 10:42:52 2016
@@ -74,6 +74,10 @@
         caused when a Servlet is mapped to <code>/*</code> are more significant
         than the security risk of not enabling this option by default. (markt)
       </update>
+      <fix>
+        Follow-up to <bug>59655</bug>. Improve the documentation for configuring
+        permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
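Review bot: The new <fix> entry describes only "the documentation for configuring permitted cookie names", but the same revision also rewrites the class-level Javadoc of javax/servlet/http/Cookie.java. Either mention the Javadoc change in the entry or word it to cover both, so that someone tracing bug 59655 through the changelog finds every place the cookie-name rules were re-described.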

Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1749296&r1=1749295&r2=1749296&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Mon Jun 20 10:42:52 2016
@@ -340,9 +340,9 @@
 
     <property name="org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING">
       <p> If this is true then the requirements of the Servlet specification
-      that Cookie names must adhere to RFC2109 (no use of separators) will be
-      enforced. If this is false the the naming rules specified in RFC6265 will
-      be used.</p>
+      that Cookie names must adhere to RFC2109 will be enforced. If this is
+      false the the naming rules specified in RFC6265 (allow the leading "$")
+      will be used.</p>
       <p>If <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
       <code>true</code>, the default of this setting will be <code>true</code>,
       else the default value will be <code>false</code>.</p>


