You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Greg Hulands (JIRA)" <ji...@apache.org> on 2015/05/05 00:35:06 UTC
[jira] [Created] (HTTPCLIENT-1646) Cookie domain and host depth
Greg Hulands created HTTPCLIENT-1646:
----------------------------------------
Summary: Cookie domain and host depth
Key: HTTPCLIENT-1646
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1646
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpCookie
Affects Versions: 4.4.1
Environment: JDK 1.8
Reporter: Greg Hulands
When connecting to a host with a domain name such as sub1.sub2.mydomain.com, http client with log the following message and reject the cookie.
WARNING: Cookie rejected [sessionid="40720098-5f60-4440-96e4-9e5cafec2de8", version:1, domain:.mydomain.com, path:/, expiry:null] Domain attribute ".mydomain.com" violates RFC 2109: host minus domain may not contain any dots
I was unable to find in the spec where this is actually specified for the domain attribute.
This effectively limits cookies to be written only one subdomain higher than the current host. This happens in both RFC2965DomainAttributeHandler and RFC2109DomainAttributeHandler.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org