I'm not sure there is much we can do about it if the standard Servlet refuse cookie names with colon in it. From what I see in "javax.servlet.http.Cookie" 3.1.0 code you can change a bit the validation be setting the System property "org.glassfish.web.rfc2109_cookie_names_enforced" to false (as in -Dorg.glassfish.web.rfc2109_cookie_names_enforced=false) which then only check for ",", ";" and white space. It feels like a won't fix to me (and just document how to change the validation behavior if an admin really wants to). |