Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1096

Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)

    XMLWordPrintable

Details

    Description

      Add correct quoting to the cookie for a backward compatible behavior and restore a legacy Set-Cookie format in EAP 6/JBossWeb.

      EAP 6/JBossWeb conforms to this old cookie specifications (RFC2109 and RFC2965), so it will automatically quotes a cookie value (also path and domain) in Set-Cookie header when the value contains any seprarator characters which should be quoted.

      For example, when accessing the following JSP which add a cookie value having one of seprarator characters (whitespace or @) which should be quoted:

      <%
    Cookie c = new Cookie("example","example cookie");
    Cookie c2 = new Cookie("test","user@example.com");
    response.addCookie(c);
    response.addCookie(c2);
%>

      EAP 6/JBossWeb responds with the following Set-Cookie format:

      Set-Cookie: example="example cookie"
Set-Cookie: test="user@example.com"

      but undertow responds with the following Set-Cookie format:

      Set-Cookie: example=example cookie // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265
Set-Cookie: test=user@example.com // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11444 [GSS](7.1.0) Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11442 [GSS](7.0.z) RFC6265 compliant cookie validation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1095 Add optional support for RFC6265 compliant cookie validation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) JBEAP-11443 [GSS](7.1.0) Add optional support for RFC6265 compliant cookie validation

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) JBEAP-12765 [7.1] Migration (GSS) Add optional support for RFC6265 compliant cookie validation

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: