You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2001/01/22 04:48:11 UTC

BugRat Report #816 has been filed.

Bug report #816 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com/BugRatViewer/ShowReport/816>

REPORT #816 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: serious
Confidence: public
Environment: 
   Release: 3.2.1
   JVM Release: -
   Operating System: -
   OS Release: -
   Platform: -

Synopsis: 
Cookie attributes not handled for cookies in Request

Description:
Tomcat does not look for or process the $Version, $Path and $Domain attributes for cookies sent from the user agent to the server, as per RFC 2109.

Further, Tomcat does not check for invalid cookie names in cookies sent from the user agent to the server (such as "Path") which can cause requests to fail when badly formed cookies are sent.

Source Reference org.apache.tomcat.util.RequestUtil