RFR: 8005068 - HttpCookie does not correctly handle negative maxAge values
Rob McKenna
rob.mckenna at oracle.com
Fri Oct 18 10:36:39 PDT 2013
Hi folks,
Simple enough change here. As per the description HttpCookie.setMaxAge
will set any arbitrary negative value, while we only check for
MAX_AGE_UNSPECIFIED to determine whether a cookies max age has been
specified or not. This fix sets maxAge to MAX_AGE_UNSPECIFIED if the
setMaxAge(expiry) parameter is < 0.
In addition to that HttpCookie.parse(header) incorrectly sets the maxAge
to a negative value if the expires attribute is in the past. This
effectively means it is unspecified instead of expired. This fix sets
such maxAge values to 0 (expire immediately) instead.
https://bugs.openjdk.java.net/browse/JDK-8005068
http://cr.openjdk.java.net/~robm/8005068/webrev.01/
-Rob
More information about the net-dev
mailing list