Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2194

Cookie parsing/assembling does not work 100% correctly.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None
    • None
    • None

    Description

      Just so stuff does not get lost. Cookie parsing code should be revised and fixed. Keypoints:

      • natural ordering is bad, cookie order should be retained, clients, according to specs SHOULD order by best match first(most likely only for v1?).
      • cookie parsing, especially V1( rfc2109.txt ) depend on cookies being separated, which is incorrect:
        The syntax for the header is:
        4.3.4 Sending Cookies to the Origin Server
        cookie = "Cookie:" cookie-version
        1*((";" | ",") cookie-value)
        cookie-value = NAME "=" VALUE [";" path] [";" domain]
        cookie-version = "$Version" "=" value
        NAME = attr
        VALUE = value
        path = "$Path" "=" value
        domain = "$Domain" "=" value
      • possibly check rfc2109 vs 6265 cookie parsing?

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2149 Wrong SessionID returned due to multiple JSESSIONID cookies with different path

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Pull Request Sent
          is related to

          Sub-task - The sub-task of the issue UNDERTOW-2089 RFC 6265 treats the attributes of an RFC 2109 cookie as a separate cookies

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2082 HTTP/2 doesn't reassemble cookie headers violating rfc7540 8.1.2.5

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rhn-cservice-bbaranow Bartosz Baranowski
              rhn-cservice-bbaranow Bartosz Baranowski
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: