Message63038
OK, I see and agree there are no actually that standard
that we can call as a standard. But let me try to put in
the other way again:
1. This documentation refers to the same RFC2109:
http://docs.python.org/lib/module-Cookie.html
But the RFC is slightly older than next David's edition.
2. David M. Kristol's cookie overview also says that only comma,
semi-column and a space is not allowed.
Here you go: http://arxiv.org/abs/cs.SE/0105018
3. Java implements the *same* RFC2109 but supports a colon too,
as oppose to Python version. Here is the link to the source of
Tomcat 6 (the latest one):
http://www.google.com/codesearch?
hl=en&q=show:okuSsOjruck:iKnUOb7eVzc:kvBYp8tS5ms&sa=N&ct=rd&cs_p=ftp://apache.mirrors.pair.com/tomcat/tomcat-
6/v6.0.10/src/apache-tomcat-6.0.10-src.zip&cs_f=apache-tomcat-6.0.10-
src/java/javax/servlet/http/Cookie.java&start=1
As you can see, there is no 0x3a to be excluded. The snippet is:
-----------------------------------------------
private static final String tspecials = ",; ";
private boolean isToken(String value) {
int len = value.length();
for (int i = 0; i < len; i++) {
char c = value.charAt(i);
if (c < 0x20 || c >= 0x7f || tspecials.indexOf(c) != -1)
return false;
}
return true;
}
-----------------------------------------------
I agree, Java is not a standard, but yet another (buggy) language. :-)
Still it means something...
4. Perl module from CPAN does the same and allows a colon.
http://search.cpan.org/~gaas/libwww-perl-5.808/lib/HTTP/Cookies.pm
5. You probably refer to the old Netscape specs
(http://wp.netscape.com/newsref/std/cookie_spec.html) that
for instance allows to contain an unquoted "," in the expires
field, so usually new parser have to use special ad-hoc way to
get it right.
The difference between old format of cookies and new one is,
that cookie name begins with a $. So the old format expects
these cookies to be separated by semi-colon, not comma.
6. I am not very sure that tokens you are talking about are
referring to NAME of Set-Cookie NAME=VALUE pair. Because the
same section allows a white space between tokens, while it is
not very true. Moreover, braces etc *are* allowed. The reason
why comma, space and semi-colon are disallowed, because of
parser should know where it what. Other symbols parsers does
not care...
7. Maybe we should ask D.Kristol for this after all. :-)
Hm... What do you think? :) |
|
Date |
User |
Action |
Args |
2008-02-26 12:18:45 | BM | set | spambayes_score: 0.00657598 -> 0.006575977 recipients:
+ BM, jerry.seutter |
2008-02-26 12:18:45 | BM | set | spambayes_score: 0.00657598 -> 0.00657598 messageid: <1204028325.04.0.301053174916.issue2193@psf.upfronthosting.co.za> |
2008-02-26 12:18:44 | BM | link | issue2193 messages |
2008-02-26 12:18:42 | BM | create | |
|