-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
Just so stuff does not get lost. Cookie parsing code should be revised and fixed. Keypoints:
- natural ordering is bad, cookie order should be retained, clients, according to specs SHOULD order by best match first(most likely only for v1?).
- cookie parsing, especially V1( rfc2109.txt ) depend on cookies being separated, which is incorrect:
The syntax for the header is:
4.3.4 Sending Cookies to the Origin Server
cookie = "Cookie:" cookie-version
1*((";" | ",") cookie-value)
cookie-value = NAME "=" VALUE [";" path] [";" domain]
cookie-version = "$Version" "=" value
NAME = attr
VALUE = value
path = "$Path" "=" value
domain = "$Domain" "=" value - possibly check rfc2109 vs 6265 cookie parsing?
- blocks
-
UNDERTOW-2149 Wrong SessionID returned due to multiple JSESSIONID cookies with different path
- Pull Request Sent
- is related to
-
UNDERTOW-2089 RFC 6265 treats the attributes of an RFC 2109 cookie as a separate cookies
- Closed
- relates to
-
UNDERTOW-2082 HTTP/2 doesn't reassemble cookie headers violating rfc7540 8.1.2.5
- Closed