[ jetty-Bugs-1276101 ] RFC 2109 violation?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[ jetty-Bugs-1276101 ] RFC 2109 violation?

Bugs item #1276101, was opened at 2005-08-29 16:47
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: HTTP protocol
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jerry Dobner (jdobner)
Assigned to: Nobody/Anonymous (nobody)
Summary: RFC 2109 violation?

Initial Comment:
RFC 2109 states that

"User agents should send Cookie request headers,
subject to other rules detailed below, with every request."

However HttpRequest is created only once for
HttpConnection, and then read multiple times
(readRequest()). If only the first request on this
connection comes with a cookie, the _request instance
field of the connection will keep its _cookies field
while the connection lasts if further requests do not
bring any cookies at all.

While hardly a serious cause for security concerns,
this leads to some confusing results at development time.


You can respond by visiting:

SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
jetty-discuss mailing list
[hidden email]