RFR: 8351983: HttpCookie Parser Incorrectly Handles Cookies with Expires Attribute [v5]

Volkan Yazici vyazici at openjdk.org
Thu Jun 12 18:23:28 UTC 2025


On Thu, 12 Jun 2025 12:48:31 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> Hi,
>> 
>> This is a fix to j.n.HttpCookie (which has a doc/spec change). So, I'm targeting it to 26.
>> We currently do not obey the rule in RFC 6265 that says if both Max-Age and Expires attributes
>> are present in a cookie, the Max-Age should take precedence.
>> 
>> Thanks
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
> 
>   test update

src/java.base/share/classes/java/net/HttpCookie.java line 892:

> 890:             assignAttribute(cookie, name, value);
> 891:         }
> 892:         assignMaxAgeAttribute(cookie, expiresValue, maxAgeValue);

@Michael-Mc-Mahon, instead of making an exception for `max-age` and `expires`, and removing them from `assignors`, can't we convert the type of `assignors` from `Map` to `List` and add `max-age` & `expires` entries at the end?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25636#discussion_r2143371218


More information about the net-dev mailing list