Comments (4)
markt-asf
commented on September 14, 2024
3
RFC 6265 allows cookie values to be empty. Given that, I think we should take the following approach:
null- remove attribute- empty -
attr=
The above should be what is currently implemented.
Implementations will need to add special handling for attributes like Partioned and ignore the value when writing the cookie header.
If we want consistency with how we implemented HttpOnly then the special handling for Partioned would be "include the attribute name only in the Set-Cookie header iff Boolan.parseBoolean(attrValue) returns true.
Personally, I favour consistency with HttpOnly.
from servlet.
volosied
commented on September 14, 2024
With the Partition cookies feature being added, I encountered similar problems when I tried to added the Partitioned attribute via cookie.setAttribute("Partitioned", ""). My server only rendered it as partitioned=.
With the propose change, I would need to usecookie.setAttribute("Partitioned", "true") in order to have Partitioned; rendered on a cookie?
Just to throw some other ideas out: Is setAttribute trying to do too much here? Should we other method such as setAttributeOnly() and removeAttribute();
Lastly, could a solution for this be included in Servlet 6.1 rather than waiting for another whole release cycle? I'll send out an email in the servlet dev mailing list, too. Thanks!
from servlet.
joakime
commented on September 14, 2024
Per the parsing steps in https://datatracker.ietf.org/doc/html/rfc6265#section-5.2
These are all equivalent Set-Cookie strings.
Set-Cookie: test=value; Secure; HttpOnly; Partitioned
Set-Cookie: test=value; Secure=; HttpOnly=; Partitioned=
Set-Cookie: test=value; Partitioned=; Secure; HttpOnly=;
Why do we need special handling for Partitioned? (or HttpOnly and Secure for that matter)
Alternatively, knowing the parsing rules, an empty string value used in cookie.setAttribtue("Name", "") could always produce the attribute without an equals sign on the Set-Cookie line too.
from servlet.
volosied
commented on September 14, 2024
Thanks for pointing that out @joakime! I didn't realize that.
I saw Mark made a PR: https://github.com/jakartaee/servlet/pull/572/files
The changes look good to me. Could you also take a look? Perhaps it could be in the M2?
from servlet.
Related Issues (20)
- TCK: Need to add the signature tests HOT 1
- jakarta.servlet-api.jar MANIFEST.MF contains path to builder's current directory HOT 6
- Need to update schema for 6.1.0 release HOT 1
- Servlet 6.1.0 - Tomcat 11.0.0-M19-SNAPSHOT certification request HOT 1
- New home for HttpServletRequest injection requirements
- tests should not be in the jakarta package HOT 6
- ServletResponse.setCharacterEncoding(CharSet encoding) throws NullPointerException if encoding is null
- Blocker for starting EE 11 ballot: TCK user guide, and two folders with a tck-runtime.jar and a tck-utils.jar. I guess an assembly file is needed to create a zip file with those two artefacts, and then we have to add a basic user guide still. HOT 1
- Servlet 6.1.0 - Tomcat 11.0.0-M20 certification request HOT 5
- ServletSecTestServlet imports org.slf4j.Logger but test war doesn't include sl4j HOT 6
- Servlet 6.1.0 - Tomcat 11.0.0-M20 certification request HOT 3
- Finalize the release of Jakarta Servlet 6.1 HOT 8
- Circular dependency between AttributeConverter and JPA HOT 1
- TCK for Servlet 6.1 invalid error code in servlet.tck.api.jakarta_servlet_http.httpservletresponse HOT 2
- TCK for servlet 6.1 servlet/tck/spec/serverpush /ServerPushTests#serverPushCookieTest HOT 1
- Clarify behaviour for container managed HTTP headers HOT 1
- addLinkHeader HOT 1
- Version javax.servlet-api 4.0.1 still can be used HOT 1
- TCK coverage missing for attribute elements of cookie-config introduced since web-common_6_0.xsd HOT 1
- Should the new Servlet 6.1 `jakarta.servlet.error.method` attribute be added to `Table 10-1 Request Attributes and their types`? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from servlet.