RFR: 8276774: Cookie stored in CookieHandler not sent if user headers contain cookie [v3]
Michael McMahon
michaelm at openjdk.java.net
Thu Nov 18 12:09:37 UTC 2021
On Wed, 17 Nov 2021 14:07:09 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> Hi,
>>
>> Please find enclosed a patch that solves an unexpected interaction between server-set cookies and user-set cookies in the `java.net.HttpClient`.
>>
>> In JDK 12 we fixed [JDK-8213189](https://bugs.openjdk.java.net/browse/JDK-8213189) to allow user-supplied header to take precedence over (that is, replace) system-headers.
>> At the time the fact that server cookies would be added to the system-supplied headers by the `CookieHandler` (if present), and that a user-supplied cookie would therefore replace them (instead of simply appending to them) was overlooked.
>>
>> This fix proposes to restore the behavior of JDK 11 WRT to cookies - and arrange for user-supplied cookies to be appended to server-supplied cookies.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
>
> More cleanup
Changes requested by michaelm (Reviewer).
src/java.net.http/share/classes/jdk/internal/net/http/Http1Request.java line 124:
> 122: // to the target server.
> 123: collectHeaders1(sb, uh, nocookies);
> 124:
I found this part of the change confusing, could I suggest that the comment below is changed to say:
// Gather all 'Cookie:' headers from the unfiltered system headers, and the user headers
// and concatenate their values in a single line
-------------
PR: https://git.openjdk.java.net/jdk/pull/6408
More information about the net-dev
mailing list