-
Bug
-
Resolution: Done
-
Major
-
7.0.5.GA
-
None
Add correct quoting to the cookie for a backward compatible behavior and restore a legacy Set-Cookie format in EAP 6/JBossWeb.
—
EAP 6/JBossWeb conforms to this old cookie specifications (RFC2109 and RFC2965), so it will automatically quotes a cookie value (also path and domain) in Set-Cookie header when the value contains any seprarator characters which should be quoted.
For example, when accessing the following JSP which add a cookie value having one of seprarator characters (whitespace or @) which should be quoted:
<% Cookie c = new Cookie("example","example cookie"); Cookie c2 = new Cookie("test","user@example.com"); response.addCookie(c); response.addCookie(c2); %>
EAP 6/JBossWeb responds with the following Set-Cookie format:
Set-Cookie: example="example cookie" Set-Cookie: test="user@example.com"
but undertow responds with the following Set-Cookie format:
Set-Cookie: example=example cookie // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265 Set-Cookie: test=user@example.com // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965
- clones
-
UNDERTOW-1096 Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)
- Resolved
- is related to
-
UNDERTOW-1095 Add optional support for RFC6265 compliant cookie validation
- Resolved
-
JBEAP-11442 [GSS](7.0.z) RFC6265 compliant cookie validation
- Closed
-
JBEAP-11443 [GSS](7.1.0) Add optional support for RFC6265 compliant cookie validation
- Closed
-
JBEAP-12765 [7.1] Migration (GSS) Add optional support for RFC6265 compliant cookie validation
- Closed