DO NOT REPLY [Bug 6983] - SSL + Mac + IE5 = no session cookies

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6983>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6983

SSL + Mac + IE5 = no session cookies





------- Additional Comments From ben@goodtechnology.com  2003-03-19 09:01 -------
The analysis by Anders Rundgren is slightly incorrect, although he is on the
right track.  It would be good to see this issue resolved as I suspect it
affects a larger number of people than anyone realises - IE5 is the default
browser on MacOS 9.x, of which there are many installations out there.

As suggested in the patch from Jay Sissom, the problem is that IE5/Mac needs a
space between the ';' after the last parameter and 'Secure' parameter in the
cookie.  (The actual value of JSESSIONID that Anders suggested is irrelevent).

Although not expected by default, RFC2109 states that "White space is permitted
between tokens".  Therefore it will not affect other browsers, and we have
tested to confirm this.  We apply this patch to our live servers whenever
updating them, and it has fixed past reported problems, and not affected other
browsers.

So, please could this patch be folded into the main source tree?  It would make
my life a lot easier.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org