[
https://issues.apache.org/jira/browse/CXF-6729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15230012#comment-15230012
]
Sergey Beryozkin commented on CXF-6729:
---------------------------------------
The most important factor here is that the cookies produced by CXF JAX-RS are
processed properly by the real world 3rd party consumers such as web browsers
and quoting Path does not help.
I've no idea why the session spec quotes path values with the forward slashes
given that it is a non-special character for the URI Path component. I've
updated the code to not quote Path if it only has a "/" 'special char'. To be
honest I'm willing to scrap all the other special characters processing for
Path but only check for white spaces, same way Jersey does it - will do it if
people will report more issues with the current code.
> Version 1 NewCookie is not compliant with RFC 2109
> ---------------------------------------------------
>
> Key: CXF-6729
> URL: https://issues.apache.org/jira/browse/CXF-6729
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.0.7, 3.1.4
> Environment: Windows
> Reporter: Neal Hu
> Fix For: 3.1.5, 3.0.8
>
> Attachments: NewCookieHeaderProvider.java,
> NewCookieHeaderProvider.patch, NewCookieHeaderProviderTest.java,
> NewCookieHeaderProviderTest.patch, ResponseImplTest.java
>
>
> Hi,
> From http://www.ietf.org/rfc/rfc2109.txt and
> http://stackoverflow.com/questions/572482/why-do-cookie-values-with-whitespace-arrive-at-the-client-side-with-quotes
> the version 1 cookie look like: name="value with
> spaces";Max-Age=3600;Path="/";Version=1
> NewCookieHeaderProvider.toString(NewCookie) has not handled the special
> characters(RFC2068) that need around with quotes
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
