2

When sending a header with the value Cookie: c=:, the servlet implementation of JBoss 7.2.0.Final returns null for the following code:

request.getCookies(); // null

But when I read the header it returns the value correctly:

request.getHeader( "Cookie" ); // c=:

According to the RFC 6265, colon should be considered a valid cookie-value. This answer shows the proper characters inside the allowed range (see the colon right there in the third line).

Now, can somebody tell me why the hell the javax.servlet.http.HttpServletRequest#getCookies() implementation of JBoss 7.2.0.final cannot read a cookie created with : in the value?

Community
  • 1
  • 1
Fagner Brack
  • 2,365
  • 4
  • 33
  • 69
  • if that's the case, it can be considered a bug in JBoss, and you should file a bug report. – ZhongYu Jun 06 '15 at 01:21
  • Before you leap to the conclusion that it is a JBoss bug, you ought to take a look at the raw header line, and see if there are 1) extraneous whitespace characters, 2) homoglyphs or 3) something else unexpected. – Stephen C Jun 06 '15 at 01:34
  • I can ensure that there's no additional whitespace/homoglyphs or anything else unexpected. I have an integration test that checks the encoding routine for all allowed and disallowed cookie characters. When I changed the code to read from the "Cookie" header the character is processed correctly. Take a look in the project that is in development: https://github.com/js-cookie/java-cookie/tree/c157e41f3b1c0412577333cd7b92083976f02ba6 – Fagner Brack Jun 06 '15 at 03:00
  • It fails for the following test: https://github.com/js-cookie/js-cookie/blob/61abed8ffbb48eaf53e31219495ccba215e4d8f2/test/encoding.js#L122-L130. A lot of other tests with different characters failed with the same symptom, but after fixing the colon problem by reading directly from the header, it solved most of them. – Fagner Brack Jun 06 '15 at 03:08

0 Answers0