[ jetty-Bugs-1276101 ] RFC 2109 violation?

Bugs item #1276101, was opened at 2005-08-29 21:47
Message generated for change (Comment added) made by gregwilkins
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: HTTP protocol
Group: None
Status: Open
>Resolution: Invalid
Priority: 5
Submitted By: Jerry Dobner (jdobner)
>Assigned to: Greg Wilkins (gregwilkins)
Summary: RFC 2109 violation?

Initial Comment:
RFC 2109 states that

"User agents should send Cookie request headers,
subject to other rules detailed below, with every request."

However HttpRequest is created only once for
HttpConnection, and then read multiple times
(readRequest()). If only the first request on this
connection comes with a cookie, the _request instance
field of the connection will keep its _cookies field
while the connection lasts if further requests do not
bring any cookies at all.

While hardly a serious cause for security concerns,
this leads to some confusing results at development time.


>Comment By: Greg Wilkins (gregwilkins)
Date: 2005-09-11 19:19

Logged In: YES

Jetty does make the assumption that cookies will be the same
in each request from a connection.  BUT importantly it
checks that assumption.  The cookiesExtracted boolean is set
to false by recycle request, so that when getCookies is next
called the cookie array is checked for matching cookies.  If they match,
the old cookies are used (saving parsing, object creation
etc. etc.). If they do not match, then new cookies are parsed.

I just double-checked this and it is working.


jetty-discuss mailing list
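
The checked cookie cache described in the comment above, as an added example that is not part of the original thread and is not Jetty's source: one request object is recycled for every request on a keep-alive connection, and the cached cookies are reused only if they still match what the current request sent. The names `Request`, `parsedFrom` and `parseCount` are hypothetical, and comparing the raw header string stands in for Jetty's comparison of the cookie array.

```java
import java.util.*;

// Simplified model (not Jetty source) of a request object reused across a keep-alive connection.
public class RecycledRequestDemo {
    static class Request {
        private String cookieHeader;        // raw Cookie header of the current request, null if absent
        private String parsedFrom;          // header value the cached cookies were parsed from
        private Map<String, String> cookies = Collections.emptyMap();
        private boolean cookiesExtracted;
        int parseCount;                     // counts real parses, to show when the cache is reused

        // Called by the connection before reading the next request on the same socket.
        void recycle(String nextCookieHeader) {
            cookieHeader = nextCookieHeader;
            cookiesExtracted = false;       // forces getCookies() to re-validate the cache
        }

        Map<String, String> getCookies() {
            if (cookiesExtracted) return cookies;
            if (!Objects.equals(cookieHeader, parsedFrom)) {   // cache is stale: parse again
                cookies = parse(cookieHeader);
                parsedFrom = cookieHeader;
                parseCount++;
            }
            cookiesExtracted = true;
            return cookies;
        }

        private static Map<String, String> parse(String header) {
            Map<String, String> out = new LinkedHashMap<>();
            if (header == null) return out;                    // no Cookie header: no cookies
            for (String pair : header.split(";")) {
                int eq = pair.indexOf('=');
                if (eq > 0) out.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
            }
            return out;
        }
    }

    public static void main(String[] args) {
        Request r = new Request();
        // Constructed sequence of Cookie headers for three requests on one connection.
        for (String h : new String[] {"JSESSIONID=abc123", "JSESSIONID=abc123", null}) {
            r.recycle(h);
            System.out.println(h + " -> " + r.getCookies() + " (parses so far: " + r.parseCount + ")");
        }
    }
}
```

The third request carries no Cookie header, which is the case raised in the initial comment: because `recycle` clears `cookiesExtracted`, the mismatch is detected and the request sees no cookies instead of the ones left over from the first request.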