[ jetty-Bugs-1276101 ] RFC 2109 violation?

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[ jetty-Bugs-1276101 ] RFC 2109 violation?

Bugs item #1276101, was opened at 2005-08-29 21:47
Message generated for change (Settings changed) made by gregwilkins
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: HTTP protocol
Group: None
>Status: Closed
Resolution: Invalid
Priority: 5
Submitted By: Jerry Dobner (jdobner)
Assigned to: Greg Wilkins (gregwilkins)
Summary: RFC 2109 violation?

Initial Comment:
RFC 2109 states that

"User agents should send Cookie request headers,
subject to other rules detailed below, with every request."

However HttpRequest is created only once for
HttpConnection, and then read multiple times
(readRequest()). If only the first request on this
connection comes with a cookie, the _request instance
field of the connection will keep its _cookies field
while the connection lasts if further requests do not
bring any cookies at all.

While hardly a serious cause for security concerns,
this leads to some confusing results at development time.


Comment By: Greg Wilkins (gregwilkins)
Date: 2005-09-11 19:19

Logged In: YES

Jetty does make the assumption that cookies will be the same
in each request from a connection.  BUT importantly it
checks that assumption.  The cookiesExtracted boolean is set
to false by recycle request, so that when getCookies is next
called the
cookie array is check for matching cookies.  If they match,
the old cookies are used (saving parsing, object creation
etc. etc.)
if they do not match, then new cookies are parsed.

I just doubled checked this and it is working.


You can respond by visiting:

This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
jetty-discuss mailing list
[hidden email]