RFR: 8005068 - HttpCookie does not correctly handle negative maxAge values

Chris Hegarty chris.hegarty at oracle.com
Mon Oct 21 10:10:24 PDT 2013


On 10/21/2013 05:05 PM, Rob McKenna wrote:
> Thanks Chris,
>
> I don't mind deferring. Nobody is shouting at me to get this fixed at
> the moment.

OK, thanks. If this is just clearing the plate before ZBB, then simply 
target to tbd_minor and archive the webrev/diffs for future.

-Chris.

>
>      -Rob
>
> On 21/10/13 16:21, Chris Hegarty wrote:
>> Hi Rob,
>>
>> The changes look fine. ( Trivially the copyright year on the test
>> should be 2013 ).
>>
>> Coming so late in the JDK8 development cycle, only P1-3 bugs are being
>> accepted [1]. I see this is a P4. Should it be deferred to the next
>> available minor update, or do you think it warrants being fixed in jdk8?
>>
>> -Chris.
>>
>> [1] http://openjdk.java.net/projects/jdk8/milestones#Rampdown_start
>>
>> On 18/10/2013 18:36, Rob McKenna wrote:
>>> Hi folks,
>>>
>>> Simple enough change here. As per the description HttpCookie.setMaxAge
>>> will set any arbitrary negative value, while we only check for
>>> MAX_AGE_UNSPECIFIED to determine whether a cookie's max age has been
>>> specified or not. This fix sets maxAge to MAX_AGE_UNSPECIFIED if the
>>> setMaxAge(expiry) parameter is < 0.
>>>
>>> In addition to that HttpCookie.parse(header) incorrectly sets the maxAge
>>> to a negative value if the expires attribute is in the past. This
>>> effectively means it is unspecified instead of expired. This fix sets
>>> such maxAge values to 0 (expire immediately) instead.
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8005068
>>> http://cr.openjdk.java.net/~robm/8005068/webrev.01/
>>>
>>> -Rob
>>>
>
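A check for the two cases described in the original post, as an added example that is not part of the thread or of the webrev. The class name, helper names, cookie name and Set-Cookie header are constructed for illustration, and the value -1 for "unspecified" is taken from the HttpCookie documentation because the MAX_AGE_UNSPECIFIED constant is private.

```java
import java.net.HttpCookie;
import java.util.List;

public class CookieMaxAgeCheck {
    // HttpCookie documents -1 as the "no max-age given" default; the private
    // MAX_AGE_UNSPECIFIED constant cannot be referenced from outside the class.
    static final long UNSPECIFIED = -1;

    // Classify a cookie by how a client holding it would treat its lifetime.
    static String state(HttpCookie c) {
        long age = c.getMaxAge();
        if (age == UNSPECIFIED) return "unspecified (session cookie)";
        if (age < 0) return "negative, not the unspecified sentinel";
        return c.hasExpired() ? "expired" : "live";
    }

    // Compare the observed state with the behaviour the post describes for the fix.
    static boolean check(String label, HttpCookie c, String expected) {
        String s = state(c);
        boolean ok = s.startsWith(expected);
        System.out.printf("%-22s maxAge=%-12d %-40s %s%n",
                label, c.getMaxAge(), s, ok ? "as described" : "DIFFERS");
        return ok;
    }

    public static void main(String[] args) {
        boolean ok = true;

        // Case 1: an arbitrary negative value passed to setMaxAge.
        // Described fix: stored as the unspecified sentinel.
        HttpCookie a = new HttpCookie("sid", "constructed-value");
        a.setMaxAge(-42);
        ok &= check("setMaxAge(-42)", a, "unspecified");

        // Case 2: constructed header whose expires attribute is in the past.
        // Described fix: maxAge becomes 0, so the cookie is expired, not a session cookie.
        List<HttpCookie> parsed = HttpCookie.parse(
                "Set-Cookie: sid=constructed-value; expires=Sat, 01 Jan 2000 00:00:00 GMT");
        ok &= check("expires in the past", parsed.get(0), "expired");

        // Control: a positive max-age must still be live.
        HttpCookie b = new HttpCookie("sid", "constructed-value");
        b.setMaxAge(3600);
        ok &= check("setMaxAge(3600)", b, "live");

        System.exit(ok ? 0 : 1);
    }
}
```

A non-zero exit status means the running JDK handles at least one case differently from the behaviour described for the fix.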



More information about the net-dev mailing list