Author: fhanik
Date: Tue Apr 20 17:13:37 2010
New Revision: 935998

URL: http://svn.apache.org/viewvc?rev=935998&view=rev
Log:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49158
Session cookies should only set one header


Modified:
    tomcat/trunk/java/org/apache/catalina/connector/Request.java
    tomcat/trunk/java/org/apache/catalina/connector/Response.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=935998&r1=935997&r2=935998&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Tue Apr 20 
17:13:37 2010
@@ -2298,7 +2298,7 @@ public class Request
             Cookie newCookie =
                 ApplicationSessionCookieConfig.createSessionCookie(context,
                         newSessionId, secure);
-            response.addCookieInternal(newCookie);
+            response.addSessionCookieInternal(newCookie);
         }
     }
 
@@ -2622,7 +2622,7 @@ public class Request
                 ApplicationSessionCookieConfig.createSessionCookie(
                         context, session.getIdInternal(), isSecure());
             
-            response.addCookieInternal(cookie);
+            response.addSessionCookieInternal(cookie);
         }
 
         if (session != null) {

Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=935998&r1=935997&r2=935998&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Tue Apr 20 
17:13:37 2010
@@ -969,7 +969,37 @@ public class Response
 
     }
 
-
+    /**
+     * Special method for adding a session cookie as we should be overriding 
+     * any previous 
+     * @param cookie
+     */
+    public void addSessionCookieInternal(final Cookie cookie) {
+        if (isCommitted())
+            return;
+        
+        String name = cookie.getName();
+        final String headername = "Set-Cookie";
+        final String startsWith = name + "=";
+        final StringBuffer sb = generateCookieString(cookie);
+        boolean set = false;
+        MimeHeaders headers = coyoteResponse.getMimeHeaders();
+        int n = headers.size();
+        for (int i = 0; i < n; i++) {
+            if (headers.getName(i).toString().equals(headername)) {
+                if (headers.getValue(i).toString().startsWith(startsWith)) {
+                    headers.setValue(sb.toString());
+                    set = true;
+                }
+            }
+        }
+        if (!set) {
+            addHeader(headername, sb.toString());
+            cookies.add(cookie);
+        }
+        
+        
+    }
     /**
      * Add the specified Cookie to those that will be included with
      * this Response.
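Review bot: In the replace branch of addSessionCookieInternal, `headers.setValue(sb.toString())` passes the generated cookie string where MimeHeaders.setValue(String) expects a header name. Assuming the usual Tomcat signature, which returns the MessageBytes container for that name, the matched Set-Cookie value is left untouched and a header named after the cookie string is created instead. After a session-ID change the response could then still carry the old session cookie, which is the case this method is meant to prevent. Writing through the matched entry, `headers.getValue(i).setString(sb.toString());`, would replace it in place. The same branch never updates `cookies`, so that list keeps the superseded Cookie, and the Javadoc sentence breaks off at "overriding any previous" with an empty `@param cookie`.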
@@ -981,6 +1011,17 @@ public class Response
         if (isCommitted())
             return;
 
+        final StringBuffer sb = generateCookieString(cookie);
+        //if we reached here, no exception, cookie is valid
+        // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
+        // RFC2965 is not supported by browsers and the Servlet spec
+        // asks for 2109.
+        addHeader("Set-Cookie", sb.toString());
+
+        cookies.add(cookie);
+    }
+
+    public StringBuffer generateCookieString(final Cookie cookie) {
         final StringBuffer sb = new StringBuffer();
         //web application code can receive a IllegalArgumentException 
         //from the appendCookieValue invocation
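Review bot: generateCookieString is introduced as `public` with no Javadoc, although the only callers visible in this diff are addCookieInternal and addSessionCookieInternal in the same class. Unless code outside Response needs it, `private` (or at most `protected`) keeps the connector's surface smaller. A short Javadoc should say that it returns the Set-Cookie header value for the given cookie and that, per the existing comment, an IllegalArgumentException from appendCookieValue can propagate to the caller. The method body continues past the end of this hunk.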
@@ -1003,13 +1044,7 @@ public class Response
                      cookie.getMaxAge(), cookie.getSecure(),
                      cookie.isHttpOnly());
         }
-        //if we reached here, no exception, cookie is valid
-        // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
-        // RFC2965 is not supported by browsers and the Servlet spec
-        // asks for 2109.
-        addHeader("Set-Cookie", sb.toString());
-
-        cookies.add(cookie);
+        return sb;
     }
 
 


