[hunchentoot-devel] hunchentoot cookie-values - url-encode them or not
Hans Hübner
hans.huebner at gmail.com
Thu Feb 2 14:23:47 UTC 2012
On Thu, Feb 2, 2012 at 3:13 PM, Ralf Stoye <stoye at stoye.com> wrote:
> 1. The standard is RFC 6265, but many people are used to url-encode. url-encoding is the common answer on lists & discussion-groups.
> 2. I didn't expressed clearly that i also want Hunchentoot to validate AND throwing an error when validation fails.
> 3. The given http-cookie-value-p is wrong. (doesn't honor the fact that it is allowed to wrap the Token in Doubleqoutes (#x22).
> 4. your example shows that the decision is not a matter of performance versus simplicity, it's about correctness.
>
> So i vote for a correct implementation, validating the value and throwing an appropriate error.
I'll gladly merge a pull request with a patch that validates cookie
values set by the application!
-Hans
More information about the Tbnl-devel
mailing list