[
https://issues.apache.org/jira/browse/CXF-6365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Kusnierz closed CXF-6365.
------------------------------
Resolution: Invalid
Sergey's point seems to be be correct. The java HttpCookie.parse method does
say that it constructs Cookies from "set-cookie"; but doesn't say that it is
also supports "cookie" header parsing. And yes the standard for sending vs
receiving cookies does appear to be different with respect to the position of
the Version tag.
> Cookie format written to request headers is invalid
> ---------------------------------------------------
>
> Key: CXF-6365
> URL: https://issues.apache.org/jira/browse/CXF-6365
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 3.0.4
> Reporter: Matt Kusnierz
> Original Estimate: 5m
> Remaining Estimate: 5m
>
> The org.apache.cxf.transport.http.Cookie.requestCookieHeader() method formats
> the Cookie incorrectly with the Version attribute first. The Cookie
> specification (RFC 2109: https://www.ietf.org/rfc/rfc2109.txt) states that
> the cookie name should be the first of the key-value pairs in the formatted
> cookie. Trying to parse cookie headers added in this way using the standard
> java utility: java.net.HttpCookie.parse causes an exception to be thrown:
> java.lang.IllegalArgumentException: Illegal cookie name.
> The fix is trivial, simply add the Version tag last instead of first. Seems
> to impact all versions of org.apache.cxf:cxf-rt-transports-http
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
