You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/10/06 00:20:16 UTC
[Bug 59703] RFC 6265 Cookie Processor doesn't allow cookie domains
with a leading dot.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59703
--- Comment #4 from jeremy@noskilz.com ---
It'd probably be good to have also included this as breaking backwards
compatibility. The widespread configuration documentation in the wild for
cookie subdomains that says to use the .example.com definition, means when 8.5
replaces 8.0 for what a repo delivers for tomcat8, it will fail.
In a situation where a new server is spinning up, grabs the new version of
tomcat 8.x available, and it doesn't do anything but throw 500 errors:
Some examples of implementing the legacy cookie handler in context.xml so that
this continues to work would be more helpful than the blurb about the change in
cookie handler that is in the migration guide.
In the current migration guide it also mentions nothing here about changes that
are not fully backwards compatibile:
-----
Tomcat 8.5.x noteable changes
The Tomcat developers aim for each patch release to be fully backwards
compatible with the previous release. Occasionally, it is necessary to break
backwards compatibility in order to fix a bug. In most cases, these changes
will go unnoticed. This section lists changes that are not fully backwards
compatible and might cause breakage when upgrading.
None.
-----
I found another thread about being willing to make changes to work with IE/Edge
browsers. I find it interesting that you are grudgingly willing to provide
more help to have that browser working outside of spec than a common context
configuration that will mitigate an issue for existing tomcat server operators
and admins.
Stripping the . and passing this as mentioned in the referenced email thread
would have been a pretty straightforward solution that would have made the
documentation of "None." actually true.
just do a search for information on: "tomcat cookie subdomain" and let me know
where you find configuration examples that don't have the leading .
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org