Undertow does not treat comma (,) as Cookie delimiter. So, when the following request Cookie header is sent from client:
Cookie: FOO=BAR, JSESSIONID=<jsessionid-value>
Undertow does not treate two cookies, "FOO=BAR" and "JSESSIONID=<jsessionid-value>" but trate this as one cookie "FOO=BAR, JSESSIONID".
Comma is not valid delimiter in the latest RFC6265 and web browsers basically do not send such Cookie header. However, it was valid in the old RFC2109 and such Cookie header happens when old commons-httpclient (3.x) run as a client and Apache httpd/mod_proxy is placed in front of EAP 7/Undertow:
httpclient -(a)-> httpd/mod_proxy -(b)-> EAP 7
When (a) sends the following multiple Cookie header:
Cookie: foo=bar Cookie: foo2=bar2
(b) sends the folllowing one Cookie header:
Cookie: foo=bar, foo2=bar2
To provide a backward compatibility, it's nice to have a configurable parameter to change undertow behavior to accept comma as Cookie delimiter.
- is incorporated by
-
JBEAP-12805 [GSS](7.0.z) EAP 7/Undertow does not treat comma (,) as Cookie delimiter
- Resolved
-
JBEAP-13749 [GSS](7.0.z) Upgrade Undertow from 1.3.31 to 1.3.33
- Closed