| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2207152 | 8 | Dmeetry Degrave | P4 | Closed | Fixed | b36 |
| JDK-8038319 | 7-pool | Dmeetry Degrave | P3 | Closed | Won't Fix |
We believe that the java.net.HttpCookie.domainMatches method does
not work perfectly according RFC 2965.
The following short testcase demonstrates the issue.
$ cat MyCookieDomain.java
public class MyCookieDomain {
public static void main(String[] args) throws Exception {
System.out.println(
java.net.HttpCookie.domainMatches(args[0], args[1]));
}
}
$ javac MyCookieDomain.java
$ java -showversion MyCookieDomain ajax.com www.ajax.com
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Server VM (build 19.0-b09, mixed mode)
false
The method returns false for "ajax.com". However, the Javadoc for the
static domainMatches method even contains an example from RFC 2965:
* A Set-Cookie2 with Domain=ajax.com will be accepted, and the
value for Domain will be taken to be .ajax.com, because a dot
gets prepended to the value.
See also
http://download.oracle.com/javase/6/docs/api/java/net/HttpCookie.html#domainMatches%28java.lang.String,%20java.lang.String%29
http://www.ietf.org/rfc/rfc2965.txt
According to the example, we believe that the method should return true
and not false. We believe that for the check, the method should prepend a leading dot
to the domain value if an explicitly specified value does not start with a dot.
Please evaluate.
not work perfectly according RFC 2965.
The following short testcase demonstrates the issue.
$ cat MyCookieDomain.java
public class MyCookieDomain {
public static void main(String[] args) throws Exception {
System.out.println(
java.net.HttpCookie.domainMatches(args[0], args[1]));
}
}
$ javac MyCookieDomain.java
$ java -showversion MyCookieDomain ajax.com www.ajax.com
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Server VM (build 19.0-b09, mixed mode)
false
The method returns false for "ajax.com". However, the Javadoc for the
static domainMatches method even contains an example from RFC 2965:
* A Set-Cookie2 with Domain=ajax.com will be accepted, and the
value for Domain will be taken to be .ajax.com, because a dot
gets prepended to the value.
See also
http://download.oracle.com/javase/6/docs/api/java/net/HttpCookie.html#domainMatches%28java.lang.String,%20java.lang.String%29
http://www.ietf.org/rfc/rfc2965.txt
According to the example, we believe that the method should return true
and not false. We believe that for the check, the method should prepend a leading dot
to the domain value if an explicitly specified value does not start with a dot.
Please evaluate.
- backported by
-
JDK-8038319 java.net.HttpCookie.domainMatches returns false if domain doesn't start with a dot
-
- Closed
-
-
-
- Closed
-