JBoss Enterprise Application Platform / JBEAP-11444

[GSS](7.1.0) Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb)


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 7.1.0.ER2
    • 7.0.5.GA
    • Undertow
    • None

      Add correct quoting to the cookie for backward-compatible behavior and restore the legacy Set-Cookie format used in EAP 6/JBossWeb.

      EAP 6/JBossWeb conforms to the old cookie specifications (RFC 2109 and RFC 2965), so it automatically quotes a cookie value (and also the path and domain) in the Set-Cookie header when the value contains any separator characters that should be quoted.

      For example, when accessing the following JSP, which adds cookie values containing one of the separator characters (whitespace or @) that should be quoted:

      <%
          Cookie c = new Cookie("example","example cookie");
          Cookie c2 = new Cookie("test","user@example.com");
          response.addCookie(c);
          response.addCookie(c2);
      %>
      

      EAP 6/JBossWeb responds with the following Set-Cookie format:

      Set-Cookie: example="example cookie"
      Set-Cookie: test="user@example.com"
      

      but Undertow responds with the following Set-Cookie format:

      Set-Cookie: example=example cookie // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265
      Set-Cookie: test=user@example.com // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965
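
The quoting rule described above, as an added example that is not part of the original issue or of the JBossWeb/Undertow code: a value is sent bare only when it is an RFC 2109 token, otherwise it is wrapped in a quoted-string. The class and method names are hypothetical, and rejecting control and non-ASCII characters is an assumption of this example.

```java
public class LegacyCookieQuoting {
    // Separators from RFC 2616 section 2.2; RFC 2109/2965 build "token" on them.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** True when the value is an RFC 2109 token and may be sent unquoted. */
    static boolean isToken(String value) {
        if (value.isEmpty()) return false;
        for (char c : value.toCharArray()) {
            if (c <= 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) return false;
        }
        return true;
    }

    /** True when every character is an RFC 6265 cookie-octet (unquoted form). */
    static boolean isRfc6265Octets(String value) {
        for (char c : value.toCharArray()) {
            if (c <= 0x20 || c >= 0x7f || c == '"' || c == ',' || c == ';' || c == '\\') return false;
        }
        return true;
    }

    /** RFC 2109 style header: quote and escape the value when it is not a token. */
    static String legacySetCookie(String name, String value) {
        if (isToken(value)) return "Set-Cookie: " + name + "=" + value;
        StringBuilder sb = new StringBuilder("Set-Cookie: ").append(name).append("=\"");
        for (char c : value.toCharArray()) {
            // Assumption of this example: control characters (CR, LF, ...) and
            // non-ASCII are refused, which also blocks header injection.
            if ((c < 0x20 && c != '\t') || c >= 0x7f) {
                throw new IllegalArgumentException("illegal character in cookie value");
            }
            if (c == '"' || c == '\\') sb.append('\\'); // quoted-pair escaping
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; the first two are the ones from the JSP above.
        for (String v : new String[] {"example cookie", "user@example.com", "abc123", "a;b"}) {
            System.out.printf("%-18s token=%-5b rfc6265=%-5b -> %s%n",
                    v, isToken(v), isRfc6265Octets(v), legacySetCookie("c", v));
        }
    }
}
```

A value such as `a;b` shows why the unquoted form matters to a parser: sent bare, the `;` ends the cookie value and the remainder is read as an attribute.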
      

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-mmiura Masafumi Miura