RFR: 8005068 - HttpCookie does not correctly handle negative maxAge values
Rob McKenna
rob.mckenna at oracle.com
Mon Oct 21 09:05:33 PDT 2013
Thanks Chris,
I don't mind deferring. Nobody is shouting at me to get this fixed at
the moment.
-Rob
On 21/10/13 16:21, Chris Hegarty wrote:
> Hi Rob,
>
> The changes look fine. ( Trivially the copyright year on the test
> should be 2013 ).
>
> Coming so late in the JDK8 development cycle, only P1-3 bugs are being
> accepted [1]. I see this is a P4. Should it be deferred to the next
> available minor update, or do you think it warrants being fixed in jdk8.
>
> -Chris.
>
> [1] http://openjdk.java.net/projects/jdk8/milestones#Rampdown_start
>
> On 18/10/2013 18:36, Rob McKenna wrote:
>> Hi folks,
>>
>> Simple enough change here. As per the description HttpCookie.setMaxAge
>> will set any arbitrary negative value, while we only check for
>> MAX_AGE_UNSPECIFIED to determine whether a cookies max age has been
>> specified or not. This fix sets maxAge to MAX_AGE_UNSPECIFIED if the
>> setMaxAge(expiry) parameter is < 0.
>>
>> In addition to that HttpCookie.parse(header) incorrectly sets the maxAge
>> to a negative value if the expires attribute is in the past. This
>> effectively means it is unspecified instead of expired. This fix sets
>> such maxAge values to 0 (expire immediately) instead.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8005068
>> http://cr.openjdk.java.net/~robm/8005068/webrev.01/
>>
>> -Rob
>>
More information about the net-dev
mailing list