[Mod-security-developers] [JIRA] Resolved: (MODSEC-261) Cookies delimiter

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-261.
--------------------------------------

    Resolution: Fixed

Marc,

Added a code that try to find the separator. It is working for me.
Going to close this now. However if necessary we can re-open.

Thanks

> Cookies delimiter
> -----------------
>
>                 Key: MODSEC-261
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-261
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Core
>            Reporter: Marc Stern
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.0
>
>
> Some (?) user-agents (at least BlackBerry) delimit cookies with a colon instead of a semi-colon.
> RFC 2109 states "A server should also accept comma (,) as the separator between cookie-values for future compatibility".
> Shouldn't ModSecurity support it also?
> In case a User-Agent uses this (new?) syntax, cookies parsing is completely broken and most of cookies-related rules are confused.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira