[jira] [Commented] (CXF-6862) Quoted path field in Cookies appears to be ignored by Chrome and Firefox

Fri, 08 Apr 2016 07:39:52 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-6862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232270#comment-15232270
 ] 

Brendon commented on CXF-6862:
------------------------------

Hi Sergey,

Thanks for looking at this so quickly!

We pass the root path (/) to the NewCookie as a string without escaped quotes 
e.g. new NewCookie(etc, "/", etc).

I wasn't very clear but when I mentioned that Firefox interprets the cookie as 
""/"", I meant that if you inspect the cookie in developer tools it shows the / 
within double quotes but this probably isn't so important.

The main thing is that the cookie was sent to the browser on the root path but 
the browser was storing it under the current path e.g. /login.
Navigating to another page would then not include the cookie (unless it was 
under the previous path).
e.g. /login/profile would pass the cookie but /profile wouldn't.

I will check the latest snapshot when I get a chance and get let you know.

> Quoted path field in Cookies appears to be ignored by Chrome and Firefox
> ------------------------------------------------------------------------
>
>                 Key: CXF-6862
>                 URL: https://issues.apache.org/jira/browse/CXF-6862
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.1.5, 3.1.6
>            Reporter: Brendon
>
> I am attempting to update a project from v3.1.4 to v3.1.6 which includes a 
> fix for RFC 2109 compliance (https://issues.apache.org/jira/browse/CXF-6729) 
> but have hit a problem.
> The problem is that since 3.1.5, the cookie path field is wrapped in 
> quotations if it has a special character. This quoted path appears to be 
> ignored by Firefox and Chrome (it does work in Safari though).
> Example:
> Our code base is setting path=/ to specify the root path.
> This gets wrapped in quotations in NewCookieHeaderProvider's toString and 
> sent to the browser (Firefox). 
> Firefox then sees it as ""/"" and ignores it (presumable as "/" is not a 
> valid path).
> The cookie is then set on the current path and not the root path.
> This was not an issue in 3.1.4



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to