You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the current version of the session ticket format specification, nothing is told on how the field udata should be handled if the user-supplied value contains a semicolon.
In my humble opinion, making ';' a forbidden character and specifying that the ticket generation MUST fail if the format condition is violated is the best compromise for backward compatibility.
The alternative would be to transparently escape the string in a format which needs to be determined (urlencode?), and specify how the ticket generator should behave when the escaped string exceeds 255 characters.
Kind regards,
The text was updated successfully, but these errors were encountered:
Hi,
According to the current version of the session ticket format specification, nothing is told on how the field
udatashould be handled if the user-supplied value contains a semicolon.In my humble opinion, making ';' a forbidden character and specifying that the ticket generation MUST fail if the format condition is violated is the best compromise for backward compatibility.
The alternative would be to transparently escape the string in a format which needs to be determined (urlencode?), and specify how the ticket generator should behave when the escaped string exceeds 255 characters.
Kind regards,
The text was updated successfully, but these errors were encountered: