RFR: 8351983: HttpCookie Parser Incorrectly Handles Cookies with Expires Attribute [v5]
Volkan Yazici
vyazici at openjdk.org
Thu Jun 12 18:23:28 UTC 2025
On Thu, 12 Jun 2025 12:48:31 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
>> Hi,
>>
>> This is a fix to j.n.HttpCookie (which has a doc/spec change). So, I'm targeting it to 26.
>> We currently do not obey the rule in RFC 6265 that says if both Max-Age and Expires attributes
>> are present in a cookie, the Max-Age should take precedence.
>>
>> Thanks
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
>
> test update
src/java.base/share/classes/java/net/HttpCookie.java line 892:
> 890: assignAttribute(cookie, name, value);
> 891: }
> 892: assignMaxAgeAttribute(cookie, expiresValue, maxAgeValue);
@Michael-Mc-Mahon, instead of making an exception for `max-age` and `expires`, and removing them from `assignors`, can't we convert the type of `assignors` from `Map` to `List` and add `max-age` & `expires` entries at the end?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25636#discussion_r2143371218
More information about the net-dev
mailing list