Message74511
| Author | andresriancho |
| Recipients | akuchling, andresriancho, jjlee, sirilyan |
| Date | 2008-10-08.03:08:01 |
| SpamBayes Score | 7.38859e-05 |
| Marked as misclassified | No |
| Message-id | <1223435284.45.0.175239932546.issue1028088@psf.upfronthosting.co.za> |
| In-reply-to | |
| Content |
Sorry to bother you guys after so much time, but I think that there is
at least one bit of the RFC that isn't respected by this "name=value"
thing... If we look at the RFC we'll see this:
    cookie-av = "Comment" "=" value
              | "Domain" "=" value
              | "Max-Age" "=" value
              | "Path" "=" value
              | "Secure"
              | "Version" "=" 1*DIGIT
As you may have noticed, "Secure" doesn't have any values. Also, (but
out of the RFC) there is a commonly used cookie flag named "HttpOnly"
[0], which would be nice to correctly parse also.
Should _CookiePattern be modified to address this issue?
[0] http://www.owasp.org/index.php/HTTPOnly
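The parsing gap raised in the message above, as an added example that is not part of the original message and is not the Cookie module's code: one item pattern whose `"=" value` part is optional, compared with a pattern that requires it. All names here (`_item_pattern`, `NAME_VALUE_ONLY`, `FLAG_AWARE`, `parse_set_cookie`, `missing_flags`) and the sample header are assumptions made for illustration.

```python
import re

# "Secure" is the value-less attribute in the RFC grammar quoted above;
# "HttpOnly" is the non-RFC flag the message mentions.
FLAG_ATTRS = {"secure", "httponly"}

def _item_pattern(value_required):
    """Build a pattern for one ';'-separated item of a Set-Cookie value."""
    value = r'\s*=\s*(?P<val>"[^"]*"|[^;]*)'
    if not value_required:
        value = "(?:" + value + ")?"   # lets bare flags such as Secure match
    return re.compile(r'\s*(?P<key>[^=;\s]+)' + value + r'\s*(?:;|$)')

# Both patterns are hypothetical stand-ins, not the module's _CookiePattern.
NAME_VALUE_ONLY = _item_pattern(value_required=True)
FLAG_AWARE = _item_pattern(value_required=False)

def _unquote(val):
    val = val.strip()
    return val[1:-1] if len(val) >= 2 and val[0] == val[-1] == '"' else val

def parse_set_cookie(header, pattern=FLAG_AWARE):
    """Return (name, value, attrs); flags map to True, other attributes to strings."""
    items = [(m.group("key"), m.group("val")) for m in pattern.finditer(header)]
    if not items or items[0][1] is None:
        raise ValueError("header must start with NAME=VALUE")
    (name, value), attrs = items[0], {}
    for key, val in items[1:]:
        key = key.lower()
        if key in FLAG_ATTRS:
            attrs[key] = True
        elif val is not None:          # unknown bare tokens are ignored
            attrs[key] = _unquote(val)
    return name, _unquote(value), attrs

def missing_flags(header, pattern=FLAG_AWARE):
    """List the protective flags the parser did not see on this cookie."""
    attrs = parse_set_cookie(header, pattern)[2]
    return sorted(FLAG_ATTRS - set(attrs))

# Constructed sample header, not taken from the issue.
SAMPLE = 'sid=abc123; Path=/; Comment="a;b"; Secure; HttpOnly'

if __name__ == "__main__":
    print(parse_set_cookie(SAMPLE))
    print(missing_flags(SAMPLE, NAME_VALUE_ONLY))  # flags lost when "=" is required
```

With the pattern that requires `=`, a cookie that was sent with both flags is reported as having neither, so any audit built on that parser would misjudge the cookie's protection.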
History
| Date | User | Action | Args |
|---|---|---|---|
| 2008-10-08 03:08:04 | andresriancho | set | recipients: + andresriancho, akuchling, jjlee, sirilyan |
| 2008-10-08 03:08:04 | andresriancho | set | messageid: <1223435284.45.0.175239932546.issue1028088@psf.upfronthosting.co.za> |
| 2008-10-08 03:08:03 | andresriancho | link | issue1028088 messages |
| 2008-10-08 03:08:02 | andresriancho | create | |