Bug
Resolution: Done
Major
1.3.27.Final
None
Add correct quoting to the cookie for a backward compatible behavior and restore a legacy Set-Cookie format in EAP 6/JBossWeb.
—
EAP 6/JBossWeb conforms to the old cookie specifications (RFC 2109 and RFC 2965), so it automatically quotes a cookie value (and also path and domain) in the Set-Cookie header when the value contains any separator characters that must be quoted.
For example, when accessing the following JSP, which adds cookie values containing a separator character (whitespace or @) that should be quoted:
<%
    Cookie c = new Cookie("example","example cookie");
    Cookie c2 = new Cookie("test","user@example.com");
    response.addCookie(c);
    response.addCookie(c2);
%>
EAP 6/JBossWeb responds with the following Set-Cookie format:
Set-Cookie: example="example cookie"
Set-Cookie: test="user@example.com"
but Undertow responds with the following Set-Cookie format:
Set-Cookie: example=example cookie     // this is invalid in any of RFC 2109, RFC 2965 and RFC 6265
Set-Cookie: test=user@example.com      // this is valid in RFC 6265 but invalid in RFC 2109 and RFC 2965
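The quoting rule described above, as an added example (not code from JBossWeb or Undertow): it applies the RFC 2109/2965 token grammar to decide when a value must be sent as a quoted-string, and checks values against the RFC 6265 cookie-value grammar. The class and method names are hypothetical.

```java
public class LegacyCookieQuoting {
    // RFC 2616 section 2.2 separators; an RFC 2109/2965 token may not contain them.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** True when the value is not a token and must be sent as a quoted-string. */
    static boolean needsQuoting(String value) {
        boolean quote = value.isEmpty(); // a token needs at least one character
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\t' && (c < 0x20 || c == 0x7f)) {
                throw new IllegalArgumentException("control character in cookie value");
            }
            // Separators and non-ASCII characters cannot appear in a token.
            quote |= c > 0x7f || SEPARATORS.indexOf(c) >= 0;
        }
        return quote;
    }

    /** Legacy serialization: quote when required, escaping '"' and '\'. */
    static String legacyValue(String value) {
        if (!needsQuoting(value)) {
            return value;
        }
        return '"' + value.replace("\\", "\\\\").replace("\"", "\\\"") + '"';
    }

    /** RFC 6265 section 4.1.1 cookie-value: cookie-octets, optionally inside DQUOTEs. */
    static boolean validRfc6265(String v) {
        if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
            v = v.substring(1, v.length() - 1);
        }
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            if (c <= 0x20 || c >= 0x7f || c == '"' || c == ',' || c == ';' || c == '\\') {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String[][] cookies = {{"example", "example cookie"}, {"test", "user@example.com"}};
        for (String[] c : cookies) {
            String legacy = legacyValue(c[1]);
            System.out.printf("Set-Cookie: %s=%s | raw valid per RFC 6265: %b | quoted valid per RFC 6265: %b%n",
                    c[0], legacy, validRfc6265(c[1]), validRfc6265(legacy));
        }
    }
}
```

The legacy quoted form of a value containing whitespace is valid under RFC 2109/2965 but still falls outside the RFC 6265 cookie-value grammar, which allows only cookie-octets between the DQUOTEs.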
is cloned by:
- JBEAP-11444 [GSS](7.1.0) Add correct quoting to the cookie for a backward compatible behavior to EAP 6 (JBossWeb) (Closed)
is related to:
- UNDERTOW-1095 Add optional support for RFC6265 compliant cookie validation (Resolved)
- JBEAP-11442 [GSS](7.0.z) RFC6265 compliant cookie validation (Closed)
- JBEAP-11443 [GSS](7.1.0) Add optional support for RFC6265 compliant cookie validation (Closed)
- JBEAP-12765 [7.1] Migration (GSS) Add optional support for RFC6265 compliant cookie validation (Closed)