Bug 38256

Summary: Set-cookie headers with no "path" attribute incorrectly processed by CookieManager
Product: JMeter Reporter: William Herndon <bherndon>
Component: HTTPAssignee: JMeter issues mailing list <issues>
Status: RESOLVED FIXED    
Severity: major    
Priority: P2    
Version: Nightly (Please specify date)   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Patch for CookieManager#setCookieFromHeader
Patch for CookieManager#setCookieFromHeader
4 JUnit test cases to cover the set-cookie behavior

Description William Herndon 2006-01-13 07:43:56 UTC
JMeter's HTTP CookieManager (as of 2.1.20060112) processes set-cookie headers by
initially setting the new cookie's path to the same path as the requested URL
(modified slightly to trim the terminal page name).  When a set-cookie header
comes in with no path attribute, the URL's path is left in the cookie and that
path is used as the lookup key.  This is different than contemporary browsers
that use the root path (i.e., "/") as the path for set-cookie headers that lack
a path attribute.

The current behavior can cause many requests to set cookies with incorrect path
causing downstream failures for HTTP requests that need cookies that would
ordinarily be passed becauese thay have a root path.

The problem seems to be lines 327 through 336 of:

org.apache.jmeter.protocol.http.control.CookieManager

...method setCookieFromHeader()
Comment 1 William Herndon 2006-01-13 08:30:13 UTC
Created attachment 17406 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.
Comment 2 William Herndon 2006-01-13 08:30:18 UTC
Created attachment 17407 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.
Comment 3 William Herndon 2006-01-13 08:33:11 UTC
Created attachment 17408 [details]
4 JUnit test cases to cover the set-cookie behavior

The first two of these test cases should fail on 2.1.20060112 and succeed after
application of patch 17406.  The other two are included for completeness.
Comment 4 William Herndon 2006-01-13 08:36:29 UTC
Sorry my comment for attachment 38406 should have said the replaced code is *not
necessary* but could be useful elsewhere.
Comment 5 Sebb 2006-01-13 21:12:34 UTC
Thanks, applied to 2.1 branch.

By the way, the patches were quite difficult to use.
They were not in unified diff format, so could not be used by Eclipse.