38256 – Set-cookie headers with no "path" attribute incorrectly processed by CookieManager

Bug 38256 - Set-cookie headers with no "path" attribute incorrectly processed by CookieManager

Summary: Set-cookie headers with no "path" attribute incorrectly processed by CookieMa...

Status:	RESOLVED FIXED

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	HTTP (show other bugs)
Version:	Nightly (Please specify date)
Hardware:	All All

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	JMeter issues mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-01-13 07:43 UTC by William Herndon
Modified:	2006-01-13 12:12 UTC (History)
CC List:	0 users

Attachments
Patch for CookieManager#setCookieFromHeader (643 bytes, patch) 2006-01-13 08:30 UTC, William Herndon	Details \| Diff
Patch for CookieManager#setCookieFromHeader (643 bytes, patch) 2006-01-13 08:30 UTC, William Herndon	Details \| Diff
4 JUnit test cases to cover the set-cookie behavior (1.64 KB, patch) 2006-01-13 08:33 UTC, William Herndon	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description William Herndon 2006-01-13 07:43:56 UTC

JMeter's HTTP CookieManager (as of 2.1.20060112) processes set-cookie headers by
initially setting the new cookie's path to the same path as the requested URL
(modified slightly to trim the terminal page name).  When a set-cookie header
comes in with no path attribute, the URL's path is left in the cookie and that
path is used as the lookup key.  This is different than contemporary browsers
that use the root path (i.e., "/") as the path for set-cookie headers that lack
a path attribute.

The current behavior can cause many requests to set cookies with incorrect path
causing downstream failures for HTTP requests that need cookies that would
ordinarily be passed becauese thay have a root path.

The problem seems to be lines 327 through 336 of:

org.apache.jmeter.protocol.http.control.CookieManager

...method setCookieFromHeader()

Comment 1 William Herndon 2006-01-13 08:30:13 UTC

Created attachment 17406 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.

Comment 2 William Herndon 2006-01-13 08:30:18 UTC

Created attachment 17407 [details]
Patch for CookieManager#setCookieFromHeader

I should note that I don't think that the URL setting that is being replaced is
necessary since browsers don't behave as if they ever use the submission URL. 
However, the the replaced code could be useful if moved to the section where
the set-cookie header *WITH* a path attribute is detected.

Comment 3 William Herndon 2006-01-13 08:33:11 UTC

Created attachment 17408 [details]
4 JUnit test cases to cover the set-cookie behavior

The first two of these test cases should fail on 2.1.20060112 and succeed after
application of patch 17406.  The other two are included for completeness.

Comment 4 William Herndon 2006-01-13 08:36:29 UTC

Sorry my comment for attachment 38406 [details] should have said the replaced code is *not
necessary* but could be useful elsewhere.

Comment 5 Sebb 2006-01-13 21:12:34 UTC

Thanks, applied to 2.1 branch.

By the way, the patches were quite difficult to use.
They were not in unified diff format, so could not be used by Eclipse.

Comment 6 The ASF infrastructure team 2022-09-24 20:37:36 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/1664