Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-802

"Comment" attribute is missing in Version 1 Cookie

XMLWordPrintable

    • Hide

      1. Deploy the following cookie.jsp

      <% 
    Cookie c = new Cookie("myname", "myvalue"); 
    c.setMaxAge(60);
    String version = request.getParameter("version");
    if (version != null) {
      if (version.equals("0")) {
        c.setVersion(0);
      } else if (version.equals("1")) {
        c.setVersion(1);
      }
    }
    c.setDomain("www.example.com");
    c.setPath(request.getContextPath());
    c.setSecure(true);
    c.setComment("mycomment");
    response.addCookie(c);
%>

      2. Access JSP page with a query param {{version=1} to enable Version 1 Cookie then see if Cookie has "Comment" attribute:

      $ curl -v localhost:8080/myapp/cookie.jsp?version=1
> GET /myapp/cookie.jsp?version=1 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-Powered-By: Undertow/1
< X-Powered-By: JSP/2.3
< Set-Cookie: JSESSIONID=JzPFmPS7NPiYQgYEQxNdSiLJ6z8K-jIniifnUxYN; path=/myapp
< Set-Cookie: myname=myvalue; Version=1; Path=/myapp; Domain=www.example.com; Secure; Max-Age=60
< Server: JBoss-EAP/7
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1
< Date: Mon, 22 Aug 2016 12:26:34 GMT
<
      Show
      1. Deploy the following cookie.jsp <% Cookie c = new Cookie( "myname" , "myvalue" ); c.setMaxAge(60); String version = request.getParameter( "version" ); if (version != null ) { if (version.equals( "0" )) { c.setVersion(0); } else if (version.equals( "1" )) { c.setVersion(1); } } c.setDomain( "www.example.com" ); c.setPath(request.getContextPath()); c.setSecure( true ); c.setComment( "mycomment" ); response.addCookie(c); %> 2. Access JSP page with a query param {{version=1} to enable Version 1 Cookie then see if Cookie has "Comment" attribute: $ curl -v localhost:8080/myapp/cookie.jsp?version=1 > GET /myapp/cookie.jsp?version=1 HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost:8080 > Accept: */* > < HTTP/1.1 200 OK < Connection: keep-alive < X-Powered-By: Undertow/1 < X-Powered-By: JSP/2.3 < Set-Cookie: JSESSIONID=JzPFmPS7NPiYQgYEQxNdSiLJ6z8K-jIniifnUxYN; path=/myapp < Set-Cookie: myname=myvalue; Version=1; Path=/myapp; Domain=www.example.com; Secure; Max-Age=60 < Server: JBoss-EAP/7 < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1 < Date: Mon, 22 Aug 2016 12:26:34 GMT <

      Comment attribute is missing in Version 1 Cookie

      Though the latest cookie spec[1] does not mention the attribute, the previous cookie specs[2][3] define the attribute and Servlet API[4] also has setComment(String) method. So, Comment attribute should be supported in V1 Cookie.

      The old Netscape spec[5] does not mention the attribute attribute, so it's not required in V0 Cookie.

      [1] https://tools.ietf.org/html/rfc6265
      [2] https://tools.ietf.org/html/rfc2109
      [3] https://tools.ietf.org/html/rfc2965
      [4] http://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html
      [5] http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: