Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11444

[GSS](7.1.0) Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.ER2
    • 7.0.5.GA
    • Undertow
    • None

      Add correct quoting to the cookie for a backward compatible behavior and restore a legacy Set-Cookie format in EAP 6/JBossWeb.

      EAP 6/JBossWeb conforms to this old cookie specifications (RFC2109 and RFC2965), so it will automatically quotes a cookie value (also path and domain) in Set-Cookie header when the value contains any seprarator characters which should be quoted.

      For example, when accessing the following JSP which add a cookie value having one of seprarator characters (whitespace or @) which should be quoted:

      <%
    Cookie c = new Cookie("example","example cookie");
    Cookie c2 = new Cookie("test","user@example.com");
    response.addCookie(c);
    response.addCookie(c2);
%>

      EAP 6/JBossWeb responds with the following Set-Cookie format:

      Set-Cookie: example="example cookie"
Set-Cookie: test="user@example.com"

      but undertow responds with the following Set-Cookie format:

      Set-Cookie: example=example cookie // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265
Set-Cookie: test=user@example.com // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965

            sdouglas1@redhat.com Stuart Douglas
            rhn-support-mmiura Masafumi Miura
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: