Default cookie name doesn't satisfy RFC6265 #28
Comments
|
sure |
|
i'll add this in the next version when the sessions can/will be encrypted |
|
wtf, if it's quoted it shouldn't matter, weird spec is weird |
|
Hi, any updates on this ? I'm building a server that communicates with a Dart application, with session handling via cookies. Dart validates the cookie names against the RFC, and thus throws an error while parsing a For now I've simply changed the name manually, but I think it would be great to have a default cookie name that doesn't break the RFC. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The default cookie name
koa:sesscontains:, which is not a valid token character in accordance with RFC6265 and RFC2616. Although most web browsers and servers allow this, it causes problems in some more strict environment such as spray.Would you consider remaining it? If so, should we take backward compatibility into account?
The text was updated successfully, but these errors were encountered: