[GERONIMO-3861] cookies need to be validated and filtered - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.x
Fix Version/s: None
Component/s: AsyncHttpClient
Security Level: public (Regular issues)
Labels:
None

Description

Today AHC simply accepts all cookies from the response and emit all cookies in the request. However, the attributes need to be taken into consideration when we set the cookies as well as when we send them. Two parts of the issue:

[1] When we emit the cookies in the request, we need to check

if the domain matches
if the path matches
if the cookie has not expired
and if the cookie is secure (if the request protocol is http)

before adding it to the Cookie header.

[2] When we accept the cookies in the response, we need to check for the domain and the path. Note that we do not discard expired cookies, as that's often a way to delete an existing cookie.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

GERONIMO-3861.patch
25/Feb/08 23:41
31 kB
Sangjin Lee
GERONIMO-3861-v2.patch
26/Feb/08 20:52
33 kB
Sangjin Lee

Activity

People

Assignee:: Richard McGuire

Reporter:: Sangjin Lee

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Feb/08 18:23

Updated:: 17/Mar/08 18:03

Resolved:: 26/Feb/08 15:56