Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1096

Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)

    Details

      Description

      Add correct quoting to the cookie for a backward compatible behavior and restore a legacy Set-Cookie format in EAP 6/JBossWeb.

      EAP 6/JBossWeb conforms to this old cookie specifications (RFC2109 and RFC2965), so it will automatically quotes a cookie value (also path and domain) in Set-Cookie header when the value contains any seprarator characters which should be quoted.

      For example, when accessing the following JSP which add a cookie value having one of seprarator characters (whitespace or @) which should be quoted:

      <%
          Cookie c = new Cookie("example","example cookie");
          Cookie c2 = new Cookie("test","user@example.com");
          response.addCookie(c);
          response.addCookie(c2);
      %>
      

      EAP 6/JBossWeb responds with the following Set-Cookie format:

      Set-Cookie: example="example cookie"
      Set-Cookie: test="user@example.com"
      

      but undertow responds with the following Set-Cookie format:

      Set-Cookie: example=example cookie // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265
      Set-Cookie: test=user@example.com // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  mmiura Masafumi Miura
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: