Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
4.2.2
-
None
Description
When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use quotes in the Cookie request header. As a result the header is truncated by Tomcat.
To reproduce, I have got a servlet that creates a cookie:
response.addCookie(new Cookie("test","aaa bbb"));
Header in the response:
Set-Cookie: test="aaa bbb"; Version=1
Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2 ie8.0 and chrome23):
Cookie: test="aaa bbb"
BrowserCompatSpec sends the cookie without the quotes:
Cookie: test=aaa bbb
Then with a Tomcat 7 server the cookie gets truncated:
request.getCookies()[0].getValue() -> aaa
Another test:
CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
CookieSpec cookieSpec = new BrowserCompatSpecFactory()
.newInstance(null);
Header setCookieHeader = new BasicHeader("Set-Cookie",
"test=\"aaa bbb\"; Version=1");
System.out.println("Set-Cookie header->" + setCookieHeader);
Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
System.out.println("Cookie value->" + cookie.getValue());
List<Cookie> cookies = new ArrayList<Cookie>();
cookies.add(cookie);
Header header = cookieSpec.formatCookies(cookies).get(0);
System.out.println("Cookie header->" + header);
Output of the test:
Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
Cookie value->aaa bbb
Cookie header->Cookie: test=aaa bbb
I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
This way only the cookie values containing separators will be quoted. The change on current behaviour is not big and we don't have to change a lot of code.
If it is OK for everybody, I can make a patch.