Message74511
Sorry to bother you guys after so much time, but I think that there is
at least one bit of the RFC that isn't respected by this "name=value"
thing... If we look at the RFC we'll see this:
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT
As you may have noticed, "Secure" doesn't have any values. Also, (but
out of the RFC) there is a commonly used cookie flag named "HttpOnly"
[0], which would be nice to correctly parse also.
Should _CookiePattern be modified to address this issue?
[0] http://www.owasp.org/index.php/HTTPOnly |
|
Date |
User |
Action |
Args |
2008-10-08 03:08:04 | andresriancho | set | recipients:
+ andresriancho, akuchling, jjlee, sirilyan |
2008-10-08 03:08:04 | andresriancho | set | messageid: <1223435284.45.0.175239932546.issue1028088@psf.upfronthosting.co.za> |
2008-10-08 03:08:03 | andresriancho | link | issue1028088 messages |
2008-10-08 03:08:02 | andresriancho | create | |
|