A DESCRIPTION OF THE PROBLEM:
The domain matching is defined slightly differently in the new RFC 6265 which obsoletes RFC 2965. Only the latter is implemented in HttpCookie.domainMatches(...), though (https://tools.ietf.org/html/rfc2965#section-3.3). Instead the rules from the newer RFC 6265 should be followed (https://tools.ietf.org/html/rfc6265#section-5.1.3).
The following example gives different results in those two RFCs with respect to domain matching:
cookie-domain: example.com, current-domain: some.sub.example.com, this should be a match according to RFC 6265 but should be no match according to the old RFC 2965.
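The comparison described above, as an added example that is not part of the original report or the JDK sources: a sketch of the RFC 6265 section 5.1.3 domain-match rule run beside the existing `HttpCookie.domainMatches(...)`. The class name, the helper names and the sample hosts are constructed for illustration, the IP-literal check is a simplification, and the cookie domain is assumed to have had any leading dot already stripped, as RFC 6265 section 5.2.3 does at parse time.

```java
import java.net.HttpCookie;
import java.util.Locale;

public class DomainMatchDemo {

    // Hypothetical helper: RFC 6265 section 5.1.3 domain-match.
    // Assumes cookieDomain carries no leading dot.
    static boolean rfc6265DomainMatches(String cookieDomain, String host) {
        if (cookieDomain == null || host == null || cookieDomain.isEmpty()) {
            return false;
        }
        String d = cookieDomain.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (h.equals(d)) {
            return true;                 // identical strings always match
        }
        if (isIpLiteral(h)) {
            return false;                // suffix matching applies to host names only
        }
        // The cookie domain must be a suffix of the host, and the character just
        // before that suffix must be '.', so "badexample.com" does not match
        // a cookie scoped to "example.com".
        return h.length() > d.length()
                && h.endsWith(d)
                && h.charAt(h.length() - d.length() - 1) == '.';
    }

    // Simplified check (assumption): dotted-quad IPv4 or anything containing ':'.
    static boolean isIpLiteral(String h) {
        return h.indexOf(':') >= 0 || h.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    public static void main(String[] args) {
        String cookieDomain = "example.com";
        // Constructed sample hosts: exact match, one label, two labels,
        // a look-alike suffix, and an unrelated IP address.
        String[] hosts = {
            "example.com", "sub.example.com", "some.sub.example.com",
            "badexample.com", "192.0.2.10"
        };
        for (String host : hosts) {
            System.out.printf("%-22s rfc6265=%-5b HttpCookie.domainMatches=%b%n",
                    host,
                    rfc6265DomainMatches(cookieDomain, host),
                    HttpCookie.domainMatches(cookieDomain, host));
        }
    }
}
```

The look-alike host and the IP address are included because the label-boundary and host-name conditions are what keep a suffix comparison from widening a cookie's scope to unrelated hosts.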
- duplicates JDK-8206092 HttpCookie.domainMatches() does not match to sub-sub-domain (Open)