Hello,
well I am by no means an expert on this, just read it in Python comments.
So, it is RFC 2109 section 4.1 that describes the syntax of cookies (token=word;...) and refers to RFC 2068 to see what the definition of token is (sequence of non-whitespace, non-special characters). Sorry that I didn't mention the 2109 part.
And in 2068, 2.2 Basic Rules, they list what special characters are:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value.
token = 1*<any CHAR except CTLs or tspecials>
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Best regards,
Aa`Koshh
Results 1 to 7 of 7
Hybrid View
-
June 25th, 2010, 03:01 PM #1Member
- Join Date
- Jun 2010
- Location
- Budapest
- Posts
- 4
-
June 25th, 2010, 05:18 PM #2Power Member
- Join Date
- Jul 2006
- Location
- Cesano Maderno, Italy
- Posts
- 784
Thank you very much for pointing the issue out, you're right, those special characters should not be used unless quoted as cookie values and can't be used at all as cookie names.
We'll correct this issue with our next release, in the meanwhile send me a PM if you need the updated library sooner.
PS: note that RFC 2109 was substituted by RFC 2965 and that 2068 was substituted by 2616, btw the quoted parts were not changed.
-
June 27th, 2010, 12:52 PM #3Member
- Join Date
- Jun 2010
- Location
- Budapest
- Posts
- 4
Glad I could be of help. For now I'm fine with modifying the web servers cookie parsing routine, so that it does not choke on unexpected inputs, but thanks for the support!
Bests,
Aa`Koshh
Reply With QuoteSimilar Threads
-
Odd problem with cookies
By BKnight in forum Client SDKsReplies: 1Last Post: October 4th, 2010, 09:39 AM
Bookmarks