You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Greg Hulands (JIRA)" <ji...@apache.org> on 2015/05/05 00:35:06 UTC

[jira] [Created] (HTTPCLIENT-1646) Cookie domain and host depth

Greg Hulands created HTTPCLIENT-1646:
----------------------------------------

             Summary: Cookie domain and host depth
                 Key: HTTPCLIENT-1646
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1646
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpCookie
    Affects Versions: 4.4.1
         Environment: JDK 1.8
            Reporter: Greg Hulands


When connecting to a host with a domain name such as sub1.sub2.mydomain.com, http client with log the following message and reject the cookie.

WARNING: Cookie rejected [sessionid="40720098-5f60-4440-96e4-9e5cafec2de8", version:1, domain:.mydomain.com, path:/, expiry:null] Domain attribute ".mydomain.com" violates RFC 2109: host minus domain may not contain any dots

I was unable to find in the spec where this is actually specified for the domain attribute.

This effectively limits cookies to be written only one subdomain higher than the current host. This happens in both RFC2965DomainAttributeHandler and RFC2109DomainAttributeHandler.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org