Undertow / UNDERTOW-488

Adding the same cookie more than once fails


Details

    • Bug
    • Resolution: Won't Do
    • Major
    • 1.3.0.CR1
    • 1.1.0.Final, 1.3.0.Beta2
    • Core
    • None

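      // First cookie: name "hello", scoped to a.b.c
      Cookie cookie = new Cookie("hello", "world");
      cookie.setDomain("a.b.c");
      response.addCookie(cookie);
      // Same name and value, scoped to x.y.z (Cookie.clone() returns Object, so cast it)
      cookie = (Cookie) cookie.clone();
      cookie.setDomain("x.y.z");
      response.addCookie(cookie);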

      After executing the above code, only the cookie created for x.y.z will be set on the response.


    Description

      Trying to set the same cookie several times on the request fails, and only the last cookie value is actually set on the response.

      The faulty code appears to lie here:
      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1077

      Essentially the problem is that this makes it impossible to set the same cookie ("hello") with different domain/path/comment/version/httponly/secure flags, out of which probably the different domain and path are the main ones hurting.

      Imagine a scenario whereby your app needs to work on more than one domain, and to achieve that the simplest/laziest approach is to simply set the same cookie value on all the domains the application can be accessed on (rather than trying to deduce the domain from the incoming request).

      I think this severely limits the usability, and potentially should be assigned Critical priority.

      Workaround: use response.addHeader with manually constructed Set-Cookie headers, not quite ideal.

            People

              sdouglas1@redhat.com Stuart Douglas
              aldaris88 Peter Major (Inactive)
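The workaround named in the description, as an added example (not code from the issue or from Undertow): one hand-built Set-Cookie header per domain for the same cookie name, with RFC 6265 syntax checks so that nothing written into the header can carry CR/LF or attribute separators. The class and method names, the `/` path and the fixed `Secure; HttpOnly` attributes are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class MultiDomainCookie {
    // RFC 6265: cookie-name is an HTTP token, cookie-value is a run of cookie-octets.
    private static final Pattern NAME = Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    private static final Pattern DOMAIN =
            Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?");
    // path-value: printable ASCII except ';'
    private static final Pattern PATH = Pattern.compile("/[\\x20-\\x3A\\x3C-\\x7E]*");

    // Reject anything that does not match the grammar for its position in the header.
    static String check(Pattern p, String s, String what) {
        if (s == null || !p.matcher(s).matches()) {
            throw new IllegalArgumentException("illegal cookie " + what);
        }
        return s;
    }

    // Build one Set-Cookie header value; Secure and HttpOnly are always set here (assumption).
    static String setCookie(String name, String value, String domain, String path) {
        return check(NAME, name, "name") + "=" + check(VALUE, value, "value")
                + "; Domain=" + check(DOMAIN, domain, "domain")
                + "; Path=" + check(PATH, path, "path")
                + "; Secure; HttpOnly";
    }

    // Same name and value, one header per domain.
    static List<String> headersFor(String name, String value, List<String> domains) {
        List<String> headers = new ArrayList<>();
        for (String d : domains) headers.add(setCookie(name, value, d, "/"));
        return headers;
    }

    public static void main(String[] args) {
        // In a servlet, emit each one with response.addHeader("Set-Cookie", header).
        for (String h : headersFor("hello", "world", List.of("a.b.c", "x.y.z"))) {
            System.out.println("Set-Cookie: " + h);
        }
        try {
            setCookie("hello", "world\r\nx", "a.b.c", "/"); // constructed bad value
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Use `addHeader` rather than `setHeader` when emitting these, since `setHeader` replaces any Set-Cookie header already on the response.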