-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple cookies with same name are not supported #3433
Comments
@glassfishrobot Commented |
@glassfishrobot Commented |
|
Hi, All major browsers seems to always pick the cookie with Expire/Max-age set to Session. But when I try to use the method below it returnes the cookies which has expired.
|
RFC 6265 Section 5.4 defines that:
SHOULD is not MUST, so technically not a bug. But I agree Jersey SHOULD do what is recommended. |
|
You got a really good point, @jansupol. If we could have sorted the cookies in the recommended order, this should solve the problem. Thanks for the fast feedback! |
…rted Signed-off-by: tvallin <[email protected]> (cherry picked from commit e5af7d6)
It's possible to have multiple cookies with the same name in the cookie header (e.g. cookies in subdomains/subpaths). So, the following is a valid header:
Cookie:"token=val1; token=val2"
.However,
org.glassfish.jersey.server.ContainerRequest.getCookies
returns aMap<String, Cookie>
, indicating that it returns only one cookie per name. It callsHttpRequestHeader.readCookies
which in turn callsCookieParser.parseCookies
. The implementation ofparseCookies
makes it clear that for multiple cookies with the same name, the last one is returned in the map.Environment
Server
Affected Versions
[2.22]
The text was updated successfully, but these errors were encountered: