-
June 25th, 2010, 03:01 PM
#1
Hello,
well I am by no means an expert on this, just read it in Python comments.
So, it is RFC 2109 section 4.1 that describes the syntax of cookies (token=word;...) and refers to RFC 2068 to see what the definition of token is (sequence of non-whitespace, non-special characters). Sorry that I didn't mention the 2109 part.
And in 2068, 2.2 Basic Rules, they list what special characters are:
Many HTTP/1.1 header field values consist of words separated by LWS
or special characters. These special characters MUST be in a quoted
string to be used within a parameter value.
token = 1*<any CHAR except CTLs or tspecials>
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Best regards,
Aa`Koshh
-
June 25th, 2010, 05:18 PM
#2
Thank you very much for pointing the issue out, you're right, those special characters should not be used unless quoted as cookie values and can't be used at all as cookie names.
We'll correct this issue with our next release, in the meanwhile send me a PM if you need the updated library sooner.
PS: note that RFC 2109 was substituted by RFC 2965 and that 2068 was substituted by 2616, btw the quoted parts were not changed.
-
June 27th, 2010, 12:52 PM
#3
Glad I could be of help. For now I'm fine with modifying the web servers cookie parsing routine, so that it does not choke on unexpected inputs, but thanks for the support!
Bests,
Aa`Koshh
Similar Threads
-
By BKnight in forum Client SDKs
Replies: 1
Last Post: October 4th, 2010, 09:39 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
All times are GMT +1. The time now is 01:13 AM.
Bookmarks