Issue

Current behaviour (8.0.0-RC10/7.0.50)

Proposed new behaviour

Servlet + Netscape + RFC2109

Servlet + RFC 6265

0x80 to 0xFF in cookie value (Bug 55917)

IAE

TBD

Netscape yes. RFC2109 requires quotes.

RFC 6265 never allowed.

CTL allowed in quoted cookie values (Bug 55918)

Allowed

TBD

Not allowed.

Not allowed.

Quoted values in V0 cookies (Bug 55920)

Quotes removed.

TBD

Netscape - quotes are part of value.

Quotes are not part of value.

Raw JSON in cookie values (Bug 55921)

TBD

TBD

TBD

TBD

Allow equals in value

Not by default. Allowed if property set.

TBD

Netscape is ambiguous. RFC2109 requires quoting.

Allowed.

Allow separators in V0 names and values

Not by default. Allowed if property set.

TBD

Yes except semi-colon, comma and whitespace.

Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash.

Always add expires

Enabled by default. Disabled by property.

TBD

Netsacpe uses expires. RFC2109 uses Max-Age.

Allows either, none or both.

/ is separator

Enabled by default. Disabled by property.

TBD

Netscape allowed in names and values. RFC2109 allowed in values if quoted.

Allowed in values.

Strict naming

Enabled by default. Disabled by property.

TBD

Netscape allows names the Servlet spec does not. RFC2109 is consistent with the Servlet spec.

Consistent with the Servlet spec.

Allow name only

Disabled by default. Enabled by property.

TBD

Netscape allowed and equals sign expected before empty value. RFC2109 not allowed.

Allowed but equals sign required before empty value.