CR: 7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name

Michael McMahon michael.x.mcmahon at oracle.com
Wed Jul 18 10:38:38 PDT 2012 

Thanks Kurchi.

I have made one small change to another test, which was specifically 
testing the $name assertion.
So, that test had to be removed.

The new webrev is at :

http://cr.openjdk.java.net/~michaelm/7183292/webrev.3/

- Michael

On 17/07/12 18:15, Kurchi Subhra Hazra wrote:
> I have read the sections dealing with cookie-name in 6265, and these 
> changes look good to me.
>
> - Kurchi
>
> On 7/17/12 7:32 AM, Michael McMahon wrote:
>>
>> Thanks for reviewing this Chris. On the question of whether $ should 
>> be allowed
>> in cookie names, it appears like that restriction has been removed 
>> from RFC 6265,
>> which is evidently a fairly comprehensive description of actual 
>> cookie usage on the web.
>> So, maybe we should just leave that out as well - assuming that it is 
>> being used in places
>> (albeit in contravention of the older RFC). What do you think?
>>
>> - Michael
>>
>> On 17/07/2012 14:18, Chris Hegarty wrote:
>>> On 17/07/2012 10:17, Michael McMahon wrote:
>>>> Hi,
>>>>
>>>> Could I get the following change reviewed please?
>>>>
>>>> http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/
>>>>
>>>> Since 7u4, we are parsing all incoming cookies via the HttpCookie 
>>>> class.
>>>> This class has had a restriction on cookie names that is causing this
>>>> problem
>>>> and which is not required by any of the cookie specifications, as 
>>>> far as
>>>> I can see,
>>>> (rfc 2965, and 6265 which obsoletes 2965).
>>>
>>> Right, this is my reading of the RFC's also. In fact, RFC 2965 
>>> explicitly states that "the NAME of a cookie MAY be the same as one 
>>> of the attributes in this specification".
>>>
>>>> The restriction was that cookie names could not be the same (case
>>>> insensitively)
>>>> as any of the attribute names (eg. Domain). So, the change is to 
>>>> remove
>>>> the restriction.
>>>
>>> Yes, this makes sense to me.
>>>
>>> One comment on the webrev is that isReserved also enforces that the 
>>> name cannot start with a '$', from 2965: "NAMEs that begin with $ 
>>> are reserved and MUST NOT be used by applications." I think you may 
>>> need to minimally reintroduce this. Otherwise, the changes look good 
>>> to me.
>>>
>>> -Chris.
>>>
>>>>
>>>> Thanks,
>>>> Michael
>>
>

More information about the net-dev mailing list