Solved

Cookie RFC not followed?

Posted on 2004-04-30
3
229 Views
Last Modified: 2012-08-13
Hi all,

I am using Cookies in JSP/Servlets and the following doubt came to my mind.

In the Cookie RFC 2109 in section 4.3.2 it says,

A Set-Kookie from request-host y.x.foo.com for Domain=.foo.com
would be rejected, because H is y.x and contains a dot.

But when I test it myself on my server it doesn't follow this constraint. I have x.y.myserver.com domain and servlet written there. I set kookie with domain = .myserver.com and it works. It allows setting me that kookie.

Anybody knows why this happens? Doesn't browsers follow the RFC? OR was there some addendum or part that I missed for that RFC which describes this anomaly.

Regards
Maulin
0
Comment
Question by:Maulin_Vasavada
3 Comments
 
LVL 3

Accepted Solution

by:
mjzalewski earned 125 total points
ID: 10992232
I'm pretty sure that it works when you go back to the same host (in other words, because the cookie was a response from x.y.myserver.com, it gets included in future requests to x.y.myserver.com). In other words, I think section 4.3.4 often overrides section 4.3.2 (at least as implemented in most browsers).

Bu I'm pretty sure that the cookie will not be included to other hosts like z.y.myserver.com.

BTW, you didn't say which browser version you were working with. Cookies would only be rejected (actually ignored) by the browser client. When a server sends a response, there is no way for the client to tell the server that the cookie has been rejected. Rejecting a cookie only means that the browser ignores it. For a cookie with $Domain=.myserver.com, I suppose it might be implemented as 'Don't send to other URIs even if the host part ends in .myserver.com, because 4.3.2 was violated. However, do send back to x.y.myserver.com, because that was the host which set the cookie.'

And also, I don't think any browser is compliant with all the RFC (and other) specs.

And finally, are you using Version="1"? I think if you don't use that cookie header, a client may interpret the cookie to be version 0, a looser standard produced by Netscape.

0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For customizing the look of your lightweight component and making it look lucid like it was made of glass. Or: how to make your component more Apple-ish ;) This tip assumes your component to be of rectangular shape and completely opaque. (COD…
Introduction Java can be integrated with native programs using an interface called JNI(Java Native Interface). Native programs are programs which can directly run on the processor. JNI is simply a naming and calling convention so that the JVM (Java…
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question