RFR: 8276774: Cookie stored in CookieHandler not sent if user headers contain cookie [v3]

[Michael McMahon]

On Wed, 17 Nov 2021 14:07:09 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Hi,
>> 
>> Please find enclosed a patch that solves an unexpected interaction between server-set cookies and user-set cookies in the `java.net.HttpClient`.
>> 
>> In JDK 12 we fixed [JDK-8213189](https://bugs.openjdk.java.net/browse/JDK-8213189) to allow user-supplied header to take precedence over (that is, replace) system-headers. 
>> At the time the fact that server cookies would be added to the system-supplied headers by the `CookieHandler` (if present), and that a user-supplied cookie would therefore replace them (instead of simply appending to them)  was overlooked.
>> 
>> This fix proposes to restore the behavior of JDK 11 WRT to cookies - and arrange for user-supplied cookies to be appended to server-supplied cookies.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   More cleanup

Changes requested by michaelm (Reviewer).

src/java.net.http/share/classes/jdk/internal/net/http/Http1Request.java line 124:

> 122:         // to the target server.
> 123:         collectHeaders1(sb, uh, nocookies);
> 124: 

I found this part of the change confusing, could I suggest that the comment below is changed to say:

// Gather all 'Cookie:' headers from the unfiltered system headers, and the user headers
// and concatenate their values in a single line

-------------

PR: https://git.openjdk.java.net/jdk/pull/6408