svn commit: r1787250 - in /tomcat/trunk: java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java webapps/docs/changelog.xml

Thu, 16 Mar 2017 14:18:23 -0700 

Author: markt
Date: Thu Mar 16 21:18:13 2017
New Revision: 1787250

URL: http://svn.apache.org/viewvc?rev=1787250&view=rev
Log:
Ensure that Set-Cookie headers generated by the Rfc6265CookieProcessor are 
aligned with the specification.
Patch provided by Jim Griswold. 

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
    
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 
Thu Mar 16 21:18:13 2017
@@ -120,7 +120,7 @@ public class Rfc6265CookieProcessor exte
         int maxAge = cookie.getMaxAge();
         if (maxAge > -1) {
             // Negative Max-Age is equivalent to no Max-Age
-            header.append(";Max-Age=");
+            header.append("; Max-Age=");
             header.append(maxAge);
 
             // Microsoft IE and Microsoft Edge don't understand Max-Age so send
@@ -128,7 +128,7 @@ public class Rfc6265CookieProcessor exte
             // browsers. See http://tomcat.markmail.org/thread/g6sipbofsjossacn
 
             // Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
-            header.append (";Expires=");
+            header.append ("; Expires=");
             // To expire immediately we need to set the time in past
             if (maxAge == 0) {
                 header.append(ANCIENT_DATE);
@@ -143,23 +143,23 @@ public class Rfc6265CookieProcessor exte
         String domain = cookie.getDomain();
         if (domain != null && domain.length() > 0) {
             validateDomain(domain);
-            header.append(";domain=");
+            header.append("; Domain=");
             header.append(domain);
         }
 
         String path = cookie.getPath();
         if (path != null && path.length() > 0) {
             validatePath(path);
-            header.append(";path=");
+            header.append("; Path=");
             header.append(path);
         }
 
         if (cookie.getSecure()) {
-            header.append(";Secure");
+            header.append("; Secure");
         }
 
         if (cookie.isHttpOnly()) {
-            header.append(";HttpOnly");
+            header.append("; HttpOnly");
         }
 
         return header.toString();

Modified: 
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- 
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
 (original)
+++ 
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
 Thu Mar 16 21:18:13 2017
@@ -182,12 +182,13 @@ public class TestCookieProcessorGenerati
 
     @Test
     public void v1TestMaxAgePositive() {
-        doV1TestMaxAge(100, "foo=bar; Version=1; Max-Age=100", 
"foo=bar;Max-Age=100");
+        doV1TestMaxAge(100, "foo=bar; Version=1; Max-Age=100", "foo=bar; 
Max-Age=100");
     }
 
     @Test
     public void v1TestMaxAgeZero() {
-        doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0", 
"foo=bar;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:10 GMT");
+        doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0",
+                "foo=bar; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT");
     }
 
     @Test
@@ -198,13 +199,13 @@ public class TestCookieProcessorGenerati
     @Test
     public void v1TestDomainValid01() {
         doV1TestDomain("example.com", "foo=bar; Version=1; Domain=example.com",
-                "foo=bar;domain=example.com");
+                "foo=bar; Domain=example.com");
     }
 
     @Test
     public void v1TestDomainValid02() {
         doV1TestDomain("exa-mple.com", "foo=bar; Version=1; 
Domain=exa-mple.com",
-                "foo=bar;domain=exa-mple.com");
+                "foo=bar; Domain=exa-mple.com");
     }
 
     @Test
@@ -245,7 +246,7 @@ public class TestCookieProcessorGenerati
     @Test
     public void v1TestPathValid() {
         doV1TestPath("/example", "foo=bar; Version=1; Path=/example",
-                "foo=bar;path=/example");
+                "foo=bar; Path=/example");
     }
 
     @Test

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar 16 21:18:13 2017
@@ -64,6 +64,11 @@
         Containers are configured with a value of 1 for startStopThreads.
         (markt)
       </fix>
+      <fix>
+        <bug>60876</bug>: Ensure that <code>Set-Cookie</code> headers generated
+        by the <code>Rfc6265CookieProcessor</code> are aligned with the
+        specification. Patch provided by Jim Griswold. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to