Jetty

ArrayIndexOutOfBoundsException if too many cookie headers are set

Details

  • Type: Improvement Improvement
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 6.1.18
  • Fix Version/s: 7.1.0
  • Component/s: None
  • Labels:
    None
  • Environment:
    Windows and Linux, JDK 1.5.0_19, Jetty 6.1.18 -and- snapshot from Nov 4 2009, running Jetty in JBoss.
  • Number of attachments :
    0

Description

We have an application which was writing the same cookie multiple times throughout the request processing lifecycle. In Jetty 5.1.14 and previous versions this did not cause any problems. However, in Jetty 6.1 this can cause an ArrayIndexOutOfBoundsException.

A sample stack trace we have follows. We worked around the problem in a Filter by wrapping the HttpServletResponse and overriding addCookie. This handles every possible cookie case without having to audit the code looking for potential duplicate cookie setting. The expected behaviour should be that Jetty should discard duplicate cookies if the headers have not been sent, or else send them, but not overrun its header buffer.

// workaround code
public class Wrapper extends HttpServletResponseWrapper {
public Wrapper(HttpServletResponse response)

{ super(response); }

public void addCookie(Cookie cookie) {
final String key = cookie.getName()+ "|" + cookie.getDomain() + "|" + cookie.getPath();
Cookie existing = cookies.get(key);
if (existing != null) {
if (Util.compare(cookie.getSecure(), existing.getSecure()) && // Util.compare returns true if the inputs are the same
Util.compare(cookie.getComment(), existing.getComment()) &&
Util.compare(cookie.getMaxAge(), existing.getMaxAge()) &&
Util.compare(cookie.getValue(), existing.getValue()) &&
Util.compare(cookie.getVersion(), existing.getVersion())
)

{ // these cookies are the same return; }

}
cookies.put(key, cookie);
super.addCookie(cookie);
}
}

11:27:25,821 WARN [log] header full: java.lang.ArrayIndexOutOfBoundsException: 4096
11:27:25,821 ERROR [EXCEPTION] Caused by: java.lang.ArrayIndexOutOfBoundsException: 4096
at org.mortbay.io.ByteArrayBuffer.poke(ByteArrayBuffer.java:268)
at org.mortbay.io.AbstractBuffer.put(AbstractBuffer.java:456)
at org.mortbay.jetty.HttpFields$Field.put(HttpFields.java:1424)
at org.mortbay.jetty.HttpGenerator.completeHeader(HttpGenerator.java:523)
at org.mortbay.jetty.HttpConnection.commitResponse(HttpConnection.java:626)
at org.mortbay.jetty.HttpConnection$Output.flush(HttpConnection.java:996)
at org.mortbay.jetty.AbstractGenerator$Output.write(AbstractGenerator.java:648)
at org.mortbay.jetty.AbstractGenerator$Output.write(AbstractGenerator.java:579)
at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
at org.mortbay.jetty.AbstractGenerator$OutputWriter.write(AbstractGenerator.java:903)
at java.io.PrintWriter.write(PrintWriter.java:354)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:400)
at java.io.PrintWriter.write(PrintWriter.java:354)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:400)
at org.apache.jasper.runtime.BodyContentImpl.writeOut(BodyContentImpl.java:583)
at com.date.common.web.tag.BaseBodyTag.writeContent(BaseBodyTag.java:36)
at com.date.common.web.tag.FormTag.doEnd(FormTag.java:236)
at com.date.common.web.tag.BaseTag.doEndTag(BaseTag.java:53)
at com.date.jsp.common.landing_005fpage_005fjoin_005fform_005fr3v5_jsp._jspx_meth_date_form_0(landing_005fpage_005fjoin_005fform_005fr3v5_jsp.java:368)
at com.date.jsp.common.landing_005fpage_005fjoin_005fform_005fr3v5_jsp._jspService(landing_005fpage_005fjoin_005fform_005fr3v5_jsp.java:164)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.include(Dispatcher.java:192)
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1013)
at com.date.jsp.common.loginr3v5_jsp._jspService(loginr3v5_jsp.java:268)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:994)
at org.apache.struts.tiles.TilesRequestProcessor.internalModuleRelativeForward(TilesRequestProcessor.java:343)
at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:553)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:211)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:783)
at com.date.index_jsp._jspService(index_jsp.java:45)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:500)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1056)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:388)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:316)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:231)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.jsr77.Jsr77ServletHolder.handle(Jsr77ServletHolder.java:74)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.date.common.web.filter.ABTestFilter.doFilter(ABTestFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.I18NPngIEFix.doFilter(I18NPngIEFix.java:40)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.RedirectedURLFilter.doFilter(RedirectedURLFilter.java:117)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.ShowLoginLanguageFilter.doFilter(ShowLoginLanguageFilter.java:33)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.ThemedResourceFilter.doFilter(ThemedResourceFilter.java:69)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.SSLRedirectionFilter.doFilter(SSLRedirectionFilter.java:33)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.LanguageFilter.doFilter(LanguageFilter.java:87)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.VersionedResourceFilter.doFilter(VersionedResourceFilter.java:105)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.GZIPFilter.doFilter(GZIPFilter.java:32)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.date.common.web.filter.PreventURLRewritingFilter.doFilter(PreventURLRewritingFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:536)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:915)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Daryl Beattie added a comment -

This was also reproduced on 6.1.21 (and, as I mentioned, the snapshot from Nov 4 '09).

Show
Daryl Beattie added a comment - This was also reproduced on 6.1.21 (and, as I mentioned, the snapshot from Nov 4 '09).
Hide
Permalink
Greg Wilkins added a comment -

The AOOB exception is actually caused by the response header being too big (yes I know it is not a good error and we need to do better).

But on the actual issue itself, I'll have to check with the servlet spec EG if multiple calls to addCookie check for duplicates or not.

Show
Greg Wilkins added a comment - The AOOB exception is actually caused by the response header being too big (yes I know it is not a good error and we need to do better). But on the actual issue itself, I'll have to check with the servlet spec EG if multiple calls to addCookie check for duplicates or not.
Hide
Permalink
Greg Wilkins added a comment -

Fixed, but only in jetty-7.1

Show
Greg Wilkins added a comment - Fixed, but only in jetty-7.1
Hide
Permalink
Gísli Kristjánsson added a comment -

This fix breaks rfc6265 and does not conform to javax.servlet.http.Cookie's description:

The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies can be retrieved from a request by using the HttpServletRequest.getCookies() method. Several cookies might have the same name but different path attributes.

The fix ensures a unique cookie name by removing all cookies from the Set-Cookie header with the same name. The fix should allow cookies with same names but different paths or different domains to be set.

Show
Gísli Kristjánsson added a comment - This fix breaks rfc6265 and does not conform to javax.servlet.http.Cookie's description: The browser returns cookies to the servlet by adding fields to HTTP request headers. Cookies can be retrieved from a request by using the HttpServletRequest.getCookies() method. Several cookies might have the same name but different path attributes. The fix ensures a unique cookie name by removing all cookies from the Set-Cookie header with the same name. The fix should allow cookies with same names but different paths or different domains to be set.

People

  • Assignee:
    Greg Wilkins
    Reporter:
    Daryl Beattie
Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: