Thread: [Mod-security-developers] [JIRA] Resolved: (MODSEC-261) Cookies delimiter
Brought to you by:
victorhora,
zimmerletw
From: Breno S. P. (JIRA) <no...@mo...> - 2012-10-08 19:01:58
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Breno Silva Pinto resolved MODSEC-261. -------------------------------------- Resolution: Fixed Marc, Added a code that try to find the separator. It is working for me. Going to close this now. However if necessary we can re-open. Thanks > Cookies delimiter > ----------------- > > Key: MODSEC-261 > URL: https://www.modsecurity.org/tracker/browse/MODSEC-261 > Project: ModSecurity > Issue Type: Bug > Security Level: Normal > Components: Core > Reporter: Marc Stern > Assignee: Breno Silva Pinto > Fix For: 2.7.0 > > > Some (?) user-agents (at least BlackBerry) delimit cookies with a colon instead of a semi-colon. > RFC 2109 states "A server should also accept comma (,) as the separator between cookie-values for future compatibility". > Shouldn't ModSecurity support it also? > In case a User-Agent uses this (new?) syntax, cookies parsing is completely broken and most of cookies-related rules are confused. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira |