CR: 7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name

[Michael McMahon]

Thanks for reviewing this Chris. On the question of whether $ should be 
allowed
in cookie names, it appears like that restriction has been removed from 
RFC 6265,
which is evidently a fairly comprehensive description of actual cookie 
usage on the web.
So, maybe we should just leave that out as well - assuming that it is 
being used in places
(albeit in contravention of the older RFC). What do you think?

- Michael

On 17/07/2012 14:18, Chris Hegarty wrote:
> On 17/07/2012 10:17, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please?
>>
>> http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/
>>
>> Since 7u4, we are parsing all incoming cookies via the HttpCookie class.
>> This class has had a restriction on cookie names that is causing this
>> problem
>> and which is not required by any of the cookie specifications, as far as
>> I can see,
>> (rfc 2965, and 6265 which obsoletes 2965).
>
> Right, this is my reading of the RFC's also. In fact, RFC 2965 
> explicitly states that "the NAME of a cookie MAY be the same as one of 
> the attributes in this specification".
>
>> The restriction was that cookie names could not be the same (case
>> insensitively)
>> as any of the attribute names (eg. Domain). So, the change is to remove
>> the restriction.
>
> Yes, this makes sense to me.
>
> One comment on the webrev is that isReserved also enforces that the 
> name cannot start with a '$', from 2965: "NAMEs that begin with $ are 
> reserved and MUST NOT be used by applications." I think you may need 
> to minimally reintroduce this. Otherwise, the changes look good to me.
>
> -Chris.
>
>>
>> Thanks,
>> Michael