hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1327) BrowserCompatSpec double quotes cookie value when cookie has "expires" attribute
Date Tue, 02 Apr 2013 13:05:15 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski resolved HTTPCLIENT-1327.

       Resolution: Fixed
    Fix Version/s: 4.3 Alpha2

The cookie is question clearly violates the HTTP state management specification and should
be rejected by strict cookie policies. As far as browser compatibility is concerned I honestly
do not know what should be the best way of handling such cookies. For the time being, I just
added an extra check for enclosing quote marks in order to avoid double-quoting of cookies
that contain Netscape style 'expiry' attribute.

> BrowserCompatSpec double quotes cookie value when cookie has "expires" attribute
> --------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1327
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1327
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3 Alpha1
>            Reporter: Francois-Xavier Bonnet
>            Priority: Minor
>             Fix For: 4.2.4, 4.3 Alpha2
> When receiving this header:
> Set-Cookie: test="test"; Version=1; Max-Age=1000; Expires=Mon, 11-Feb-2013 10:39:19 GMT;
> If you parse and format again the cookie you get:
> Cookie: test="\"test\""
> I tested with the last versions of Firefox, Chrome and Internet Explorer and you always
> Cookie: test="test"
> You can easily get such a cookie with Tomcat:
>         Cookie tomcatCookie = new Cookie("test", "test");
>         tomcatCookie.setPath("/");
>         tomcatCookie.setMaxAge(1000);
>         response.addCookie(tomcatCookie);
> The problem is that BrowserCompatSpec considers it as a Netscape style cookie because
of expires attribute so the quotes are considered as being part of the value.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message