All RESTEasy client instances provide support for cookie management as a browser would do.
To my opinion there are few problems with enabling this by default:
- JAX-RS is used to build stateless application, so it's a bit weird to have cookie state management enabled by default
- Since Clients are heavy weight objetcs, for performance reasons, JAX-RS advises us to create as little as possible and instead reuse them.
So if I create a single Client instance in my server application and if I reuse it for all users connected to my application to make request to any other API sending cookies, then:
- 1st unexpected point: cookies will be stored in my server through the client
- second one, all users will share the same cookies.
This behavior can be confusing for user since it is RESTEasy specific and not mentionned in JAX-RS spec.
So even if cookie management is a nice feature, for all previous reasons I propose to disable it by default and let user choose if he wants it to be enabled or not.