Closed markt-asf closed 2 years ago
The forced push was just a re-base with a minor conflict resolved in the unit test.
I'm intending to leave this PR open for further comment while I work on updating Tomcat to remove RFC 2109 support. I'm not expecting that to identify that further changes are required to this PR but you never know - and it gives folks more time to review the PR.
The forced pushed includes the following:
In summary:
The reason I am proposing this for 6.0 as that I started to look at the TCK and noted that Tomcat's "pass the TCK" mode included various settings for use RFC 2109 rather than RFC 6265. I also recall a TCK challenge caused by the Javadoc continuing to refer to RFC 2109. It struck me that we really should try and get this into 6.0.
The changes turned out to be fairly minimal. Effectively disabling version should have minimal effect as RFC 2965 was never really implemented by any browser.
Reducing the restrictions on cookie names should safe as well.