[WICKET-1834] Invalid Cookie Names for persistence used according to RFC (doesn't work in tomcat 6.x) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4-M3
Fix Version/s: 1.3.5, 1.4-RC1
Component/s: wicket
Labels:
None

Description

Wicket uses ":" to build up the cookie name out of different components (e.g."signInPanel:signInForm:username"). This violates the cookie spec (RFC 2965 and RFC 2616). According to this spec a cookie must be an av-pair

av-pairs = av-pair *(";" av-pair)
av-pair = attr ["=" value] ; optional value
attr = token
value = token | quoted-string

and token is:

token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"

","	";"	":"	"\"	<">
"/"	"[" \| "]"	"?"	"="
" {" \| "} "	SP	HT

Note that the cookie name MUST be a token and a token MUST NOT contain ":"

That's why tomcat 6.x delivers (correctly with best guess) "signInPanel" as cookie name for the above example.

Attachments

Activity

People

Assignee:: Martijn Dashorst

Reporter:: Bla Bla

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Sep/08 08:37

Updated:: 16/Sep/08 19:36

Resolved:: 16/Sep/08 19:36