CR: 7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name

[Kurchi Subhra Hazra]

I have read the sections dealing with cookie-name in 6265, and these 
changes look good to me.

- Kurchi

On 7/17/12 7:32 AM, Michael McMahon wrote:
>
> Thanks for reviewing this Chris. On the question of whether $ should 
> be allowed
> in cookie names, it appears like that restriction has been removed 
> from RFC 6265,
> which is evidently a fairly comprehensive description of actual cookie 
> usage on the web.
> So, maybe we should just leave that out as well - assuming that it is 
> being used in places
> (albeit in contravention of the older RFC). What do you think?
>
> - Michael
>
> On 17/07/2012 14:18, Chris Hegarty wrote:
>> On 17/07/2012 10:17, Michael McMahon wrote:
>>> Hi,
>>>
>>> Could I get the following change reviewed please?
>>>
>>> http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/
>>>
>>> Since 7u4, we are parsing all incoming cookies via the HttpCookie 
>>> class.
>>> This class has had a restriction on cookie names that is causing this
>>> problem
>>> and which is not required by any of the cookie specifications, as 
>>> far as
>>> I can see,
>>> (rfc 2965, and 6265 which obsoletes 2965).
>>
>> Right, this is my reading of the RFC's also. In fact, RFC 2965 
>> explicitly states that "the NAME of a cookie MAY be the same as one 
>> of the attributes in this specification".
>>
>>> The restriction was that cookie names could not be the same (case
>>> insensitively)
>>> as any of the attribute names (eg. Domain). So, the change is to remove
>>> the restriction.
>>
>> Yes, this makes sense to me.
>>
>> One comment on the webrev is that isReserved also enforces that the 
>> name cannot start with a '$', from 2965: "NAMEs that begin with $ are 
>> reserved and MUST NOT be used by applications." I think you may need 
>> to minimally reintroduce this. Otherwise, the changes look good to me.
>>
>> -Chris.
>>
>>>
>>> Thanks,
>>> Michael
>