You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Matt Kusnierz (JIRA)" <ji...@apache.org> on 2015/04/23 20:08:38 UTC
[jira] [Closed] (CXF-6365) Cookie format written to request headers
is invalid
[ https://issues.apache.org/jira/browse/CXF-6365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Kusnierz closed CXF-6365.
------------------------------
Resolution: Invalid
Sergey's point seems to be be correct. The java HttpCookie.parse method does say that it constructs Cookies from "set-cookie"; but doesn't say that it is also supports "cookie" header parsing. And yes the standard for sending vs receiving cookies does appear to be different with respect to the position of the Version tag.
> Cookie format written to request headers is invalid
> ---------------------------------------------------
>
> Key: CXF-6365
> URL: https://issues.apache.org/jira/browse/CXF-6365
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 3.0.4
> Reporter: Matt Kusnierz
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> The org.apache.cxf.transport.http.Cookie.requestCookieHeader() method formats the Cookie incorrectly with the Version attribute first. The Cookie specification (RFC 2109: https://www.ietf.org/rfc/rfc2109.txt) states that the cookie name should be the first of the key-value pairs in the formatted cookie. Trying to parse cookie headers added in this way using the standard java utility: java.net.HttpCookie.parse causes an exception to be thrown: java.lang.IllegalArgumentException: Illegal cookie name.
> The fix is trivial, simply add the Version tag last instead of first. Seems to impact all versions of org.apache.cxf:cxf-rt-transports-http
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)