This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e30f242a1c Incorrect processing of partitioned setting
e30f242a1c is described below
commit e30f242a1c9f45b769265555501cf37be07bd347
Author: remm <[email protected]>
AuthorDate: Tue Oct 7 14:46:04 2025 +0200
Incorrect processing of partitioned setting
BZ39836
Patch submitted by Marc Pynaert.
---
.../apache/tomcat/util/http/Rfc6265CookieProcessor.java | 2 +-
.../tomcat/util/http/TestCookieProcessorGeneration.java | 15 +++++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 877d5e41ca..8f0b3bb40d 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -185,7 +185,7 @@ public class Rfc6265CookieProcessor extends
CookieProcessorBase {
header.append("; Partitioned");
}
} else {
- if (EMPTY_STRING.equals(cookiePartitioned)) {
+ if (EMPTY_STRING.equals(cookiePartitioned) ||
Boolean.parseBoolean(cookiePartitioned)) {
header.append("; Partitioned");
}
}
diff --git
a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index e56a5aa675..4f95452e89 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -21,6 +21,8 @@ import jakarta.servlet.http.Cookie;
import org.junit.Assert;
import org.junit.Test;
+import org.apache.tomcat.util.descriptor.web.Constants;
+
public class TestCookieProcessorGeneration {
@Test
@@ -244,6 +246,19 @@ public class TestCookieProcessorGeneration {
rfc6265.setPartitioned(true);
Assert.assertEquals("foo=bar; Secure; HttpOnly; Partitioned",
rfc6265.generateHeader(cookie, null));
+
+ rfc6265.setPartitioned(false);
+ cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR, "true");
+
+ Assert.assertEquals("foo=bar; Secure; HttpOnly; Partitioned",
rfc6265.generateHeader(cookie, null));
+
+ cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR, "false");
+
+ Assert.assertEquals("foo=bar; Secure; HttpOnly",
rfc6265.generateHeader(cookie, null));
+
+ cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR, "");
+
+ Assert.assertEquals("foo=bar; Secure; HttpOnly; Partitioned",
rfc6265.generateHeader(cookie, null));
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1037b19955..6ed1e6d0ae 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -215,6 +215,10 @@
(remm)
</update>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
+ <fix>
+ <bug>69836</bug>: Incorrect processing of partitioned setting when
+ generating session cookie. Patch submitted by Marc Pynaert. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
