RFR: 8005068 - HttpCookie does not correctly handle negative maxAge values
Chris Hegarty
chris.hegarty at oracle.com
Mon Oct 21 08:21:10 PDT 2013
Hi Rob,
The changes look fine. ( Trivially the copyright year on the test should
be 2013 ).
Coming so late in the JDK8 development cycle, only P1-3 bugs are being
accepted [1]. I see this is a P4. Should it be deferred to the next
available minor update, or do you think it warrants being fixed in jdk8.
-Chris.
[1] http://openjdk.java.net/projects/jdk8/milestones#Rampdown_start
On 18/10/2013 18:36, Rob McKenna wrote:
> Hi folks,
>
> Simple enough change here. As per the description HttpCookie.setMaxAge
> will set any arbitrary negative value, while we only check for
> MAX_AGE_UNSPECIFIED to determine whether a cookies max age has been
> specified or not. This fix sets maxAge to MAX_AGE_UNSPECIFIED if the
> setMaxAge(expiry) parameter is < 0.
>
> In addition to that HttpCookie.parse(header) incorrectly sets the maxAge
> to a negative value if the expires attribute is in the past. This
> effectively means it is unspecified instead of expired. This fix sets
> such maxAge values to 0 (expire immediately) instead.
>
> https://bugs.openjdk.java.net/browse/JDK-8005068
> http://cr.openjdk.java.net/~robm/8005068/webrev.01/
>
> -Rob
>
More information about the net-dev
mailing list