https://bz.apache.org/bugzilla/show_bug.cgi?id=69836
Bug ID: 69836
Summary: usePartitioned="true" in context.xml does not result
in the Partitioned flag being added to session cookies
Product: Tomcat 11
Version: unspecified
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: Util
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -------
# Steps to Reproduce
Configure `context.xml` with:
```
<Context usePartitioned="true">
<CookieProcessor sameSiteCookies="none" partitioned="true" />
</Context>
```
Start Tomcat and inspect the `JSESSIONID` cookie.
# Observed Behavior
The JSESSIONID cookie does not include the Partitioned attribute.
# Expected Behavior
When `usePartitioned="true"`, the JSESSIONID cookie should include `;
Partitioned`.
# Root Cause Analysis
In Rfc6265CookieProcessor (line ~182):
```
String cookiePartitioned =
cookie.getAttribute(Constants.COOKIE_PARTITIONED_ATTR);
if (cookiePartitioned == null) {
if (getPartitioned()) {
header.append("; Partitioned");
}
} else {
if (EMPTY_STRING.equals(cookiePartitioned)) {
header.append("; Partitioned");
}
}
```
However, the attribute is set as:
```
cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR,
Boolean.toString(context.getUsePartitioned()));
```
This means `cookiePartitioned` is always "true" or "false", never null or
empty.
As a result, the `Partitioned` flag is never appended.
# Proposed Fix
Update the condition to also handle "true" values:
```
String cookiePartitioned =
cookie.getAttribute(Constants.COOKIE_PARTITIONED_ATTR);
if (cookiePartitioned == null) {
if (getPartitioned()) {
header.append("; Partitioned");
}
} else {
if (EMPTY_STRING.equals(cookiePartitioned) ||
Boolean.parseBoolean(cookiePartitioned)) {
header.append("; Partitioned");
}
}
```
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
