Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.5.3
-
None
Description
org.apache.wicket.protocol.http.mock.MockHttpServletResponse.addCookie(Cookie) makes a bad check whether the cookie to be added is already in the list of cookies.
Since javax.servlet.http.Cookie doesn't implement #equals() "cookies.remove(cookie)" wont remove the previous cookie because the identity is different.
According to http://www.ietf.org/rfc/rfc2109.txt, p.4.3.3 :
If a user agent receives a Set-Cookie response header whose NAME is
the same as a pre-existing cookie, and whose Domain and Path
attribute values exactly (string) match those of a pre-existing
cookie, the new cookie supersedes the old. However, if the Set-
Cookie has a value for Max-Age of zero, the (old and new) cookie is
discarded. Otherwise cookies accumulate until they expire (resources
permitting), at which time they are discarded.
I.e. the equality is on the name, path and domain.