Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1163

Add a configurable parameter (system property) to accept comma (,) as Cookie delimiter

    Details

      Description

      Undertow does not treat comma (,) as Cookie delimiter. So, when the following request Cookie header is sent from client:

      Cookie: FOO=BAR, JSESSIONID=<jsessionid-value>
      

      Undertow does not treate two cookies, "FOO=BAR" and "JSESSIONID=<jsessionid-value>" but trate this as one cookie "FOO=BAR, JSESSIONID".

      Comma is not valid delimiter in the latest RFC6265 and web browsers basically do not send such Cookie header. However, it was valid in the old RFC2109 and such Cookie header happens when old commons-httpclient (3.x) run as a client and Apache httpd/mod_proxy is placed in front of EAP 7/Undertow:

      httpclient -(a)-> httpd/mod_proxy -(b)-> EAP 7
      

      When (a) sends the following multiple Cookie header:

      Cookie: foo=bar
      Cookie: foo2=bar2
      

      (b) sends the folllowing one Cookie header:

      Cookie: foo=bar, foo2=bar2
      

      To provide a backward compatibility, it's nice to have a configurable parameter to change undertow behavior to accept comma as Cookie delimiter.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  mmiura Masafumi Miura
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: