You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Marc Saegesser <Ma...@apropos.com> on 2002/03/05 00:58:53 UTC
[httpclient] Constructing Cookies with null domains (again)
There was some discussion last month about the expected results of
constructing a Cookie with a null domain. I can't find the exact email
where the decision was reached, but I think the concensus was that we should
support a null domain and default to the request host. There were a couple
test cases added to TestCookie.java to excersize constructing a cookie with
a null domain. These tests are fail currently.
I'd like to revisit this issue and propose that we *don't* support
constructing cookies with a null domain. In this case the constructor
should throw an IllegalArgumentException. The reason is that the Cookie
constructor is not in a position to provide any reasonable default value for
domain because it does not have any idea what the request host is.
Marc Saegesser
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [httpclient] Constructing Cookies with null domains (again)
Posted by dIon Gillard <di...@multitask.com.au>.
Marc Saegesser wrote:
>There was some discussion last month about the expected results of
>constructing a Cookie with a null domain. I can't find the exact email
>where the decision was reached, but I think the concensus was that we should
>support a null domain and default to the request host. There were a couple
>test cases added to TestCookie.java to excersize constructing a cookie with
>a null domain. These tests are fail currently.
>
There are three issues:
- Cookie properties being null (domain, path etc)
- Creating cookies using parse
- Creating the cookie header using createCookieHeader
>I'd like to revisit this issue and propose that we *don't* support
>constructing cookies with a null domain. In this case the constructor
>should throw an IllegalArgumentException. The reason is that the Cookie
>constructor is not in a position to provide any reasonable default value for
>domain because it does not have any idea what the request host is.
>
But according to the cookie spec, domain is optional for the cookie
header when sending to the client. So the Cookie class as a holder of
the cookie before the request is sent, should allow null domains. But
for parsing cookies from a header, or creating the header, I think you
must specify a domain when calling these methods.
The tests are there to document current behaviour. I believe the tests
fail due to nulls being passed on createCookieHeader or parse. These
methods I think should be changed to throw NPEs if the params are null,
and the tests changed accordingly.
>Marc Saegesser
>
--
dIon Gillard, Multitask Consulting
http://adslgateway.multitask.com.au/developers
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>