Bug 38256 - Set-cookie headers with no "path" attribute incorrectly processed by CookieManager
Set-cookie headers with no "path" attribute incorrectly processed by CookieMa...
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: HTTP
Nightly (Please specify date)
All All
: P2 major (vote)
: ---
Assigned To: JMeter issues mailing list
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2006-01-13 07:43 UTC by William Herndon
Modified: 2006-01-13 12:12 UTC (History)
0 users



Attachments
Patch for CookieManager#setCookieFromHeader (643 bytes, patch)
2006-01-13 08:30 UTC, William Herndon
Details | Diff
Patch for CookieManager#setCookieFromHeader (643 bytes, patch)
2006-01-13 08:30 UTC, William Herndon
Details | Diff
4 JUnit test cases to cover the set-cookie behavior (1.64 KB, patch)
2006-01-13 08:33 UTC, William Herndon
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description William Herndon 2006-01-13 07:43:56 UTC
JMeter's HTTP CookieManager (as of 2.1.20060112) processes set-cookie headers by
initially setting the new cookie's path to the same path as the requested URL
(modified slightly to trim the terminal page name).  When a set-cookie header
comes in with no path attribute, the URL's path is left in the cookie and that
path is used as the lookup key.  This is different than contemporary browsers
that use the root path (i.e., "/") as the path for set-cookie headers that lack
a path attribute.

The current behavior can cause many requests to set cookies with incorrect path
causing downstream failures for HTTP requests that need cookies that would
ordinarily be passed becauese thay have a root path.

The problem seems to be lines 327 through 336 of:

org.apache.jmeter.protocol.http.control.CookieManager

...method setCookieFromHeader()
Comment 1 William Herndon 2006-01-13 08:30:13 UTC
Created attachment 17406 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.
Comment 2 William Herndon 2006-01-13 08:30:18 UTC
Created attachment 17407 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.
Comment 3 William Herndon 2006-01-13 08:33:11 UTC
Created attachment 17408 [details]
4 JUnit test cases to cover the set-cookie behavior

The first two of these test cases should fail on 2.1.20060112 and succeed after
application of patch 17406.  The other two are included for completeness.
Comment 4 William Herndon 2006-01-13 08:36:29 UTC
Sorry my comment for attachment 38406 should have said the replaced code is *not
necessary* but could be useful elsewhere.
Comment 5 Sebb 2006-01-13 21:12:34 UTC
Thanks, applied to 2.1 branch.

By the way, the patches were quite difficult to use.
They were not in unified diff format, so could not be used by Eclipse.