[jira] [Commented] (CXF-6729) Version 1 NewCookie is not compliant with RFC 2109

Tue, 12 Jan 2016 02:40:56 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-6729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15093709#comment-15093709
 ] 

Sergey Beryozkin commented on CXF-6729:
---------------------------------------

Hi Neal, thanks for your effort, I have few comments.

- Lets keep the original toString() code, without any version0 vs version1 
checks because no one actually uses Version 0 or even attempts to set Version 0 
or 1, it is either Version 1 or none. You have convertV0SetCookie(cookie, 
false); used twice with 'false' only used twice too, what is the point of 
having this flag then ? Lets keep it simple (and do it the same way RI does 
it), JAX-RS 1.0 starts from supporting Version 1 so lets not worry about some 
Version 0 cookies (though I do appreciate your effort in trying to get V0 
supported).
- Please keep only maybeQuote() and needsQuote() functions, and indeed update 
the original toString() code to use maybeQuote()
- Do not check the cookie value for 'null' - NewCookie super constructor does it
- Do not quote empty values, I see from the spec:
  av-pair         =       attr ["=" value]        ; optional value 
So if the value is empty then it should be just attr=, it is equivalent to 
being null
- Please do the next patch as 'git diff' - I can not see what has changed in 
ResponseImplTest
- If we quote the white spaced values then should Cookie.fromString() unquote 
such values, again, what does RI does ?

Many Thanks, Sergey

 


>  Version 1 NewCookie is not compliant with RFC 2109
> ---------------------------------------------------
>
>                 Key: CXF-6729
>                 URL: https://issues.apache.org/jira/browse/CXF-6729
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.0.7, 3.1.4
>         Environment: Windows
>            Reporter: Neal Hu
>             Fix For: 3.1.5, 3.0.8
>
>         Attachments: NewCookieHeaderProvider.java, 
> NewCookieHeaderProviderTest.java, ResponseImplTest.java
>
>
> Hi,
> From http://www.ietf.org/rfc/rfc2109.txt and 
> http://stackoverflow.com/questions/572482/why-do-cookie-values-with-whitespace-arrive-at-the-client-side-with-quotes
> the version 1 cookie look like: name="value with 
> spaces";Max-Age=3600;Path="/";Version=1
> NewCookieHeaderProvider.toString(NewCookie) has not handled the special 
> characters(RFC2068) that need around with quotes



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to