Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-802

"Comment" attribute is missing in Version 1 Cookie

    XMLWordPrintable

Details

    • Hide

      1. Deploy the following cookie.jsp

      <% 
    Cookie c = new Cookie("myname", "myvalue"); 
    c.setMaxAge(60);
    String version = request.getParameter("version");
    if (version != null) {
      if (version.equals("0")) {
        c.setVersion(0);
      } else if (version.equals("1")) {
        c.setVersion(1);
      }
    }
    c.setDomain("www.example.com");
    c.setPath(request.getContextPath());
    c.setSecure(true);
    c.setComment("mycomment");
    response.addCookie(c);
%>

      2. Access JSP page with a query param {{version=1} to enable Version 1 Cookie then see if Cookie has "Comment" attribute:

      $ curl -v localhost:8080/myapp/cookie.jsp?version=1
> GET /myapp/cookie.jsp?version=1 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-Powered-By: Undertow/1
< X-Powered-By: JSP/2.3
< Set-Cookie: JSESSIONID=JzPFmPS7NPiYQgYEQxNdSiLJ6z8K-jIniifnUxYN; path=/myapp
< Set-Cookie: myname=myvalue; Version=1; Path=/myapp; Domain=www.example.com; Secure; Max-Age=60
< Server: JBoss-EAP/7
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1
< Date: Mon, 22 Aug 2016 12:26:34 GMT
<
      Show
      1. Deploy the following cookie.jsp <% Cookie c = new Cookie( "myname" , "myvalue" ); c.setMaxAge(60); String version = request.getParameter( "version" ); if (version != null ) { if (version.equals( "0" )) { c.setVersion(0); } else if (version.equals( "1" )) { c.setVersion(1); } } c.setDomain( "www.example.com" ); c.setPath(request.getContextPath()); c.setSecure( true ); c.setComment( "mycomment" ); response.addCookie(c); %> 2. Access JSP page with a query param {{version=1} to enable Version 1 Cookie then see if Cookie has "Comment" attribute: $ curl -v localhost:8080/myapp/cookie.jsp?version=1 > GET /myapp/cookie.jsp?version=1 HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost:8080 > Accept: */* > < HTTP/1.1 200 OK < Connection: keep-alive < X-Powered-By: Undertow/1 < X-Powered-By: JSP/2.3 < Set-Cookie: JSESSIONID=JzPFmPS7NPiYQgYEQxNdSiLJ6z8K-jIniifnUxYN; path=/myapp < Set-Cookie: myname=myvalue; Version=1; Path=/myapp; Domain=www.example.com; Secure; Max-Age=60 < Server: JBoss-EAP/7 < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1 < Date: Mon, 22 Aug 2016 12:26:34 GMT <

    Description

      Comment attribute is missing in Version 1 Cookie

      Though the latest cookie spec[1] does not mention the attribute, the previous cookie specs[2][3] define the attribute and Servlet API[4] also has setComment(String) method. So, Comment attribute should be supported in V1 Cookie.

      The old Netscape spec[5] does not mention the attribute attribute, so it's not required in V0 Cookie.

      [1] https://tools.ietf.org/html/rfc6265
      [2] https://tools.ietf.org/html/rfc2109
      [3] https://tools.ietf.org/html/rfc2965
      [4] http://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html
      [5] http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-5695 [GSS](7.0.z) "Comment" attribute is missing in Version 1 Cookie

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-mmiura Masafumi Miura
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: