hc-dev mailing list archives

From "Greg Hulands (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1646) Cookie domain and host depth
Date Mon, 04 May 2015 22:35:06 GMT
Greg Hulands created HTTPCLIENT-1646:

             Summary: Cookie domain and host depth
                 Key: HTTPCLIENT-1646
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1646
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpCookie
    Affects Versions: 4.4.1
         Environment: JDK 1.8
            Reporter: Greg Hulands

When connecting to a host with a domain name such as sub1.sub2.mydomain.com, http client will
log the following message and reject the cookie.

WARNING: Cookie rejected [sessionid="40720098-5f60-4440-96e4-9e5cafec2de8", version:1, domain:.mydomain.com,
path:/, expiry:null] Domain attribute ".mydomain.com" violates RFC 2109: host minus domain
may not contain any dots

I was unable to find in the spec where this is actually specified for the domain attribute.

This effectively limits cookies to be written only one subdomain higher than the current host.
This happens in both RFC2965DomainAttributeHandler and RFC2109DomainAttributeHandler.

This message was sent by Atlassian JIRA
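
The rejection in the log line corresponds to the third rejection condition in RFC 2109 section 4.3.2 (a request-host of the form HD, where D is the Domain value and H contains one or more dots). The following is an added example, not part of the original message and not HttpClient's own code: a hypothetical class `Rfc2109DomainCheck` that reimplements the RFC 2109 Domain checks for FQDN hosts (IP addresses are not handled) and runs them on the hostnames from the report.

```java
import java.util.Locale;

// Added example (hypothetical class, not HttpClient code): the RFC 2109
// section 4.3.2 rejection rules for the Domain attribute of a Set-Cookie.
public class Rfc2109DomainCheck {

    /** Returns null when the Domain attribute is acceptable, otherwise the reason for rejection. */
    static String rejectReason(String requestHost, String domainAttr) {
        String host = requestHost.toLowerCase(Locale.ROOT);
        String domain = domainAttr.toLowerCase(Locale.ROOT);

        // Domain equal to the request-host: same as the defaulted Domain value.
        if (host.equals(domain)) {
            return null;
        }
        // An explicitly set Domain must start with a dot.
        if (!domain.startsWith(".")) {
            return "domain must start with a dot";
        }
        // It must also contain an embedded dot (".com" alone is not allowed).
        int dot = domain.indexOf('.', 1);
        if (dot < 0 || dot == domain.length() - 1) {
            return "domain must contain an embedded dot";
        }
        // The request-host must domain-match the Domain value.
        if (!host.endsWith(domain)) {
            return "host does not domain-match the domain";
        }
        // Host has the form HD; H must not contain any dots.
        String h = host.substring(0, host.length() - domain.length());
        if (h.indexOf('.') >= 0) {
            return "host minus domain may not contain any dots";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed host/Domain pairs based on the names used in the report.
        String[][] cases = {
            {"sub1.sub2.mydomain.com", ".mydomain.com"},
            {"sub1.sub2.mydomain.com", ".sub2.mydomain.com"},
            {"sub2.mydomain.com", ".mydomain.com"},
            {"sub2.mydomain.com", ".com"},
        };
        for (String[] c : cases) {
            String reason = rejectReason(c[0], c[1]);
            System.out.println(c[0] + " / " + c[1] + " : " + (reason == null ? "accepted" : "rejected, " + reason));
        }
    }
}
```

For the host in the report, Domain=.mydomain.com fails only the last check, while Domain=.sub2.mydomain.com passes all of them.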
