cookies need to be validated and filtered
-----------------------------------------

                 Key: GERONIMO-3861
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3861
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: AsyncHttpClient
    Affects Versions: 1.x
            Reporter: Sangjin Lee
            Assignee: Rick McGuire
            Priority: Minor


Today AHC simply accepts all cookies from the response and emits all cookies in 
the request.  However, the attributes need to be taken into consideration when 
we set the cookies as well as when we send them.  Two parts of the issue:

[1] When we emit the cookies in the request, we need to check 
- if the domain matches
- if the path matches
- if the cookie has not expired
- and if the cookie is secure (if the request protocol is http)

before adding it to the Cookie header.

[2] When we accept the cookies in the response, we need to check for the domain 
and the path.  Note that we do not discard expired cookies, as that's often a 
way to delete an existing cookie.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
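
The two checks described in the issue, as an added Java example (Java 16+ for records); it is not code from the issue or from AsyncHttpClient. The `CookieFilter` class, the `Cookie` record and the method names are hypothetical, and the domain-suffix and path-prefix matching rules are assumed in the style of RFC 6265, since the issue does not spell them out.

```java
import java.net.URI;
import java.time.Instant;
import java.util.Locale;

public class CookieFilter {
    // Hypothetical cookie holder; AHC's own cookie class is not shown in the issue.
    record Cookie(String name, String value, String domain, String path,
                  Instant expires, boolean secure) {}

    // Domain match: identical host, or host ends with "." + cookie domain.
    static boolean domainMatches(String host, String domain) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = domain.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) d = d.substring(1);
        return !d.isEmpty() && (h.equals(d) || h.endsWith("." + d));
    }

    // Path match: equal, or cookie path is a prefix that ends on a "/" boundary.
    static boolean pathMatches(String requestPath, String cp) {
        String p = requestPath.isEmpty() ? "/" : requestPath;
        return p.equals(cp) || p.startsWith(cp) && (cp.endsWith("/") || p.charAt(cp.length()) == '/');
    }

    // Part [1]: may this stored cookie go into the Cookie header for uri?
    static boolean shouldSend(Cookie c, URI uri, Instant now) {
        if (!domainMatches(uri.getHost(), c.domain())) return false;
        if (!pathMatches(uri.getPath(), c.path())) return false;
        if (c.expires() != null && !c.expires().isAfter(now)) return false; // expired
        return !c.secure() || "https".equalsIgnoreCase(uri.getScheme());   // secure needs https
    }

    // Part [2]: may a cookie set by the response from uri be stored? Expiry is
    // deliberately not checked: an expired cookie is how a server deletes one.
    static boolean shouldAccept(Cookie c, URI uri) {
        return domainMatches(uri.getHost(), c.domain()) && pathMatches(uri.getPath(), c.path());
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2008-03-01T00:00:00Z"); // constructed sample data
        Cookie live = new Cookie("sid", "abc", "example.com", "/app", now.plusSeconds(60), true);
        Cookie dead = new Cookie("sid", "", "example.com", "/app", Instant.EPOCH, true);
        for (String u : new String[] {"https://www.example.com/app/home",
                "http://www.example.com/app/home", "https://badexample.com/app"}) {
            URI uri = URI.create(u);
            System.out.printf("%s send=%b accept-delete=%b send-expired=%b%n", u,
                shouldSend(live, uri, now), shouldAccept(dead, uri), shouldSend(dead, uri, now));
        }
    }
}
```

The `"." + d` suffix test keeps `badexample.com` from matching a cookie scoped to `example.com`. A production filter would also refuse cookie domains that are public suffixes, which this example does not cover.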