[
https://issues.apache.org/jira/browse/GERONIMO-3861?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572558#action_12572558
]
Sangjin Lee commented on GERONIMO-3861:
---------------------------------------
I'll submit a patch for 2.0 soon...
> cookies need to be validated and filtered
> -----------------------------------------
>
> Key: GERONIMO-3861
> URL: https://issues.apache.org/jira/browse/GERONIMO-3861
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: AsyncHttpClient
> Affects Versions: 1.x
> Reporter: Sangjin Lee
> Assignee: Rick McGuire
> Priority: Minor
> Attachments: GERONIMO-3861.patch
>
>
> Today AHC simply accepts all cookies from the response and emit all cookies
> in the request. However, the attributes need to be taken into consideration
> when we set the cookies as well as when we send them. Two parts of the issue:
> [1] When we emit the cookies in the request, we need to check
> - if the domain matches
> - if the path matches
> - if the cookie has not expired
> - and if the cookie is secure (if the request protocol is http)
> before adding it to the Cookie header.
> [2] When we accept the cookies in the response, we need to check for the
> domain and the path. Note that we do not discard expired cookies, as that's
> often a way to delete an existing cookie.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
