bonampak commented on PR #1132:
URL: https://github.com/apache/knox/pull/1132#issuecomment-3659745732
> So as I understand the culprit behind the "null" value is
> `sb.append('=').append(value);` in SetCookieHeader, right? Wouldn't it be
> better to fix that by appending an empty value? Also the SetCookieHeader class
> was [introduced](https://github.com/apache/knox/pull/1042) because with java 8
> the sameSite attribute was missing from `org.pac4j.core.context.Cookie`. Is
> switching back an option?

We could switch back as now `setSameSitePolicy()` is available on
`org.pac4j.core.context.Cookie`.
It would still generate `name=null;` if the cookie value is null.
```java
Cookie cookie;
if (value == null) {
    cookie = new Cookie(PAC4J_SESSION_PREFIX + key, null);
}
...
if (sessionStoreConfigs != null && sessionStoreConfigs.containsKey(PAC4J_COOKIE_SAMESITE)) {
    cookie.setSameSitePolicy(sessionStoreConfigs.get(PAC4J_COOKIE_SAMESITE));
}
context.addResponseCookie(cookie);
```
https://github.com/pac4j/pac4j/blob/pac4j-parent-6.3.0/pac4j-javaee/src/main/java/org/pac4j/jee/context/JEEContext.java#L217
https://github.com/pac4j/pac4j/blob/pac4j-parent-6.3.0/pac4j-core/src/main/java/org/pac4j/core/context/WebContextHelper.java#L147
```java
public static String createCookieHeader(Cookie cookie) {
    var builder = new StringBuilder();
    builder.append(String.format("%s=%s;", cookie.getName(), cookie.getValue()));
```
For now, I would keep it as it is, and create another issue to switch back
to `org.pac4j.core.context.Cookie` later (and set cookie value to empty string
instead of null).
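The null rendering discussed in the comment above, as an added example that is not code from Knox, pac4j or the comment author: both quoted patterns turn a null cookie value into the literal text `null`, while a null-safe builder emits an empty value. `SimpleCookie`, the method names and the sample cookie name are hypothetical, and the record syntax assumes Java 16 or later.

```java
import java.util.Objects;

public class NullCookieValueDemo {

    // Hypothetical stand-in for a cookie object; not pac4j's or Knox's class.
    record SimpleCookie(String name, String value, String sameSite) {}

    // Same pattern as the String.format line quoted above:
    // %s renders a null argument as the four characters "null".
    static String formatPattern(SimpleCookie c) {
        return String.format("%s=%s;", c.name(), c.value());
    }

    // Same pattern as sb.append('=').append(value):
    // StringBuilder.append(String) also appends "null" for a null reference.
    static String appendPattern(SimpleCookie c) {
        return new StringBuilder(c.name()).append('=').append(c.value()).append(';').toString();
    }

    // Null-safe variant: a missing value becomes an empty string and
    // the SameSite attribute is still emitted when configured.
    static String nullSafe(SimpleCookie c) {
        StringBuilder sb = new StringBuilder(Objects.requireNonNull(c.name(), "cookie name"));
        sb.append('=').append(c.value() == null ? "" : c.value()).append(';');
        if (c.sameSite() != null) {
            sb.append(" SameSite=").append(c.sameSite()).append(';');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: a cookie whose value is null.
        SimpleCookie cleared = new SimpleCookie("demo.session.attr", null, "Strict");
        System.out.println(formatPattern(cleared));
        System.out.println(appendPattern(cleared));
        System.out.println(nullSafe(cleared));
    }
}
```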