cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Kusnierz (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CXF-6365) Cookie format written to request headers is invalid
Date Thu, 23 Apr 2015 18:08:38 GMT

     [ https://issues.apache.org/jira/browse/CXF-6365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Matt Kusnierz closed CXF-6365.
------------------------------
    Resolution: Invalid

Sergey's point seems to be be correct. The java HttpCookie.parse method does say that it constructs
Cookies from "set-cookie"; but doesn't say that it is also supports "cookie" header parsing.
And yes the standard for sending vs receiving cookies does appear to be different with respect
to the position of the Version tag.

> Cookie format written to request headers is invalid
> ---------------------------------------------------
>
>                 Key: CXF-6365
>                 URL: https://issues.apache.org/jira/browse/CXF-6365
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 3.0.4
>            Reporter: Matt Kusnierz
>   Original Estimate: 5m
>  Remaining Estimate: 5m
>
> The org.apache.cxf.transport.http.Cookie.requestCookieHeader() method formats the Cookie
incorrectly with the Version attribute first. The Cookie specification (RFC 2109: https://www.ietf.org/rfc/rfc2109.txt)
states that the cookie name should be the first of the key-value pairs in the formatted cookie.
Trying to parse cookie headers added in this way using the standard java utility: java.net.HttpCookie.parse
causes an exception to be thrown: java.lang.IllegalArgumentException: Illegal cookie name.
> The fix is trivial, simply add the Version tag last instead of first. Seems to impact
all versions of org.apache.cxf:cxf-rt-transports-http



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message