ArrayIndexOutOfBoundsException if too many cookie headers are set

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.18
Fix Version/s: 7.1.0
Component/s: None
Labels:
None
Environment:
Windows and Linux, JDK 1.5.0_19, Jetty 6.1.18 -and- snapshot from Nov 4 2009, running Jetty in JBoss.

Description

We have an application which was writing the same cookie multiple times throughout the request processing lifecycle. In Jetty 5.1.14 and previous versions this did not cause any problems. However, in Jetty 6.1 this can cause an ArrayIndexOutOfBoundsException.

A sample stack trace we have follows. We worked around the problem in a Filter by wrapping the HttpServletResponse and overriding addCookie. This handles every possible cookie case without having to audit the code looking for potential duplicate cookie setting. The expected behaviour should be that Jetty should discard duplicate cookies if the headers have not been sent, or else send them, but not overrun its header buffer.

// workaround code
public class Wrapper extends HttpServletResponseWrapper {
public Wrapper(HttpServletResponse response) { super(response); }
public void addCookie(Cookie cookie) {
final String key = cookie.getName()+ "|" + cookie.getDomain() + "|" + cookie.getPath();
Cookie existing = cookies.get(key);
if (existing != null) {
if (Util.compare(cookie.getSecure(), existing.getSecure()) && // Util.compare returns true if the inputs are the same
Util.compare(cookie.getComment(), existing.getComment()) &&
Util.compare(cookie.getMaxAge(), existing.getMaxAge()) &&
Util.compare(cookie.getValue(), existing.getValue()) &&
Util.compare(cookie.getVersion(), existing.getVersion())
) { // these cookies are the same return; }
}
cookies.put(key, cookie);
super.addCookie(cookie);
}
}

11:27:25,821 WARN [log] header full: java.lang.ArrayIndexOutOfBoundsException: 4096
11:27:25,821 ERROR [EXCEPTION] Caused by: java.lang.ArrayIndexOutOfBoundsException: 4096
at org.mortbay.io.ByteArrayBuffer.poke(ByteArrayBuffer.java:268)
at org.mortbay.io.AbstractBuffer.put(AbstractBuffer.java:456)
at org.mortbay.jetty.HttpFields$Field.put(HttpFields.java:1424)
at org.mortbay.jetty.HttpGenerator.completeHeader(HttpGenerator.java:523)
at org.mortbay.jetty.HttpConnection.commitResponse(HttpConnection.java:626)
at org.mortbay.jetty.HttpConnection$Output.flush(HttpConnection.java:996)
at org.mortbay.jetty.AbstractGenerator$Output.write(AbstractGenerator.java:648)
at org.mortbay.jetty.AbstractGenerator$Output.write(AbstractGenerator.java:579)
at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
at org.mortbay.jetty.AbstractGenerator$OutputWriter.write(AbstractGenerator.java:903)
at java.io.PrintWriter.write(PrintWriter.java:354)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:400)
at java.io.PrintWriter.write(PrintWriter.java:354)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:400)
at org.apache.jasper.runtime.BodyContentImpl.writeOut(BodyContentImpl.java:583)
at com.date.common.web.tag.BaseBodyTag.writeContent(BaseBodyTag.java:36)
at com.date.common.web.tag.FormTag.doEnd(FormTag.java:236)
at com.date.common.web.tag.BaseTag.doEndTag(BaseTag.java:53)
at com.date.jsp.common.landing_005fpage_005fjoin_005fform_005fr3v5_jsp._jspx_meth_date_form_0(landing_005fpage_005fjoin_005fform_005fr3v5_jsp.java:368)
at com.date.jsp.common.landing_005fpage_005fjoin_005fform_005fr3v5_jsp._jspService(landing_005fpage_005fjoin_005fform_005fr3v5_jsp.java:164)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:192)
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1013)
at com.date.jsp.common.loginr3v5_jsp._jspService(loginr3v5_jsp.java:268)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:994)
at org.apache.struts.tiles.TilesRequestProcessor.internalModuleRelativeForward(TilesRequestProcessor.java:343)
at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:553)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:211)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:783)
at com.date.index_jsp._jspService(index_jsp.java:45)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:500)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.I18NPngIEFix.doFilter(I18NPngIEFix.java:40)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.RedirectedURLFilter.doFilter(RedirectedURLFilter.java:117)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.ShowLoginLanguageFilter.doFilter(ShowLoginLanguageFilter.java:33)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.ThemedResourceFilter.doFilter(ThemedResourceFilter.java:69)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.SSLRedirectionFilter.doFilter(SSLRedirectionFilter.java:33)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.VersionedResourceFilter.doFilter(VersionedResourceFilter.java:105)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.GZIPFilter.doFilter(GZIPFilter.java:32)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.PreventURLRewritingFilter.doFilter(PreventURLRewritingFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:536)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:915)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Daryl Beattie added a comment - 05/Nov/09 12:13 PM

This was also reproduced on 6.1.21 (and, as I mentioned, the snapshot from Nov 4 '09).

Show

Daryl Beattie added a comment - 05/Nov/09 12:13 PM This was also reproduced on 6.1.21 (and, as I mentioned, the snapshot from Nov 4 '09).

Hide

Permalink

Greg Wilkins added a comment - 16/Mar/10 12:18 PM

The AOOB exception is actually caused by the response header being too big (yes I know it is not a good error and we need to do better).

But on the actual issue itself, I'll have to check with the servlet spec EG if multiple calls to addCookie check for duplicates or not.

Show

Greg Wilkins added a comment - 16/Mar/10 12:18 PM The AOOB exception is actually caused by the response header being too big (yes I know it is not a good error and we need to do better). But on the actual issue itself, I'll have to check with the servlet spec EG if multiple calls to addCookie check for duplicates or not.

Hide

Permalink

Greg Wilkins added a comment - 03/May/10 6:26 PM

Fixed, but only in jetty-7.1

Show

Greg Wilkins added a comment - 03/May/10 6:26 PM Fixed, but only in jetty-7.1

Hide

Permalink

G�sli Kristj�nsson added a comment - 27/Jul/11 11:33 AM

This fix breaks rfc6265 and does not conform to javax.servlet.http.Cookie's description:

The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies can be retrieved from a request by using the HttpServletRequest.getCookies() method. Several cookies might have the same name but different path attributes.

The fix ensures a unique cookie name by removing all cookies from the Set-Cookie header with the same name. The fix should allow cookies with same names but different paths or different domains to be set.

Show

G�sli Kristj�nsson added a comment - 27/Jul/11 11:33 AM This fix breaks rfc6265 and does not conform to javax.servlet.http.Cookie's description: The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies can be retrieved from a request by using the HttpServletRequest.getCookies() method. Several cookies might have the same name but different path attributes. The fix ensures a unique cookie name by removing all cookies from the Set-Cookie header with the same name. The fix should allow cookies with same names but different paths or different domains to be set.

People

Assignee:

Greg Wilkins

Reporter:

Daryl Beattie

Vote (0)

Watch (2)

Dates

Created:

05/Nov/09 10:10 AM

Updated:

27/Jul/11 11:33 AM

Resolved:

03/May/10 6:26 PM