Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1163

Add a configurable parameter (system property) to accept comma (,) as Cookie delimiter

XMLWordPrintable

      Undertow does not treat comma (,) as Cookie delimiter. So, when the following request Cookie header is sent from client:

      Cookie: FOO=BAR, JSESSIONID=<jsessionid-value>
      

      Undertow does not treate two cookies, "FOO=BAR" and "JSESSIONID=<jsessionid-value>" but trate this as one cookie "FOO=BAR, JSESSIONID".

      Comma is not valid delimiter in the latest RFC6265 and web browsers basically do not send such Cookie header. However, it was valid in the old RFC2109 and such Cookie header happens when old commons-httpclient (3.x) run as a client and Apache httpd/mod_proxy is placed in front of EAP 7/Undertow:

      httpclient -(a)-> httpd/mod_proxy -(b)-> EAP 7
      

      When (a) sends the following multiple Cookie header:

      Cookie: foo=bar
      Cookie: foo2=bar2
      

      (b) sends the folllowing one Cookie header:

      Cookie: foo=bar, foo2=bar2
      

      To provide a backward compatibility, it's nice to have a configurable parameter to change undertow behavior to accept comma as Cookie delimiter.

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: