Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.10.GA
Affects Version/s: None
Component/s: Undertow
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.z.GA
Git Pull Request:
https://github.com/undertow-io/undertow/commit/440288804bb4a57c23d8994a3429d826db63160a, https://github.com/undertow-io/undertow/commit/6d805e34b807c2bbcb71895619d7eedef45fb0d7

SFDC Cases Counter:
SFDC Cases Links:

Undertow does not treat comma (,) as Cookie delimiter. So, when the following request Cookie header is sent from client:

Cookie: FOO=BAR, JSESSIONID=<jsessionid-value>

Undertow does not treate two cookies, "FOO=BAR" and "JSESSIONID=<jsessionid-value>" but trate this as one cookie "FOO=BAR, JSESSIONID".

Comma is not valid delimiter in the latest RFC6265 and web browsers basically do not send such Cookie header. However, it was valid in the old RFC2109 and such Cookie header happens when old commons-httpclient (3.x) run as a client and Apache httpd/mod_proxy is placed in front of EAP 7/Undertow:

httpclient -(a)-> httpd/mod_proxy -(b)-> EAP 7

When (a) sends the following multiple Cookie header:

Cookie: foo=bar
Cookie: foo2=bar2

(b) sends the folllowing one Cookie header:

Cookie: foo=bar, foo2=bar2

To provide a backward compatibility, it's nice to have a configurable parameter to change undertow behavior to accept comma as Cookie delimiter.

is incorporated by

JBEAP-12805 [GSS](7.0.z) EAP 7/Undertow does not treat comma (,) as Cookie delimiter

Resolved

JBEAP-13749 [GSS](7.0.z) Upgrade Undertow from 1.3.31 to 1.3.33

Closed

Assignee:: Stuart Douglas

Reporter:: Ingo Weiss

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2018/01/12 9:04 AM

Updated:: 2018/01/15 4:59 AM

Resolved:: 2018/01/12 9:07 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates