Solved

Cookie RFC not followed?

Posted on 2004-04-30
3
232 Views
Last Modified: 2012-08-13
Hi all,

I am using Cookies in JSP/Servlets and the following doubt came to my mind.

In the Cookie RFC 2109 in section 4.3.2 it says,

A Set-Kookie from request-host y.x.foo.com for Domain=.foo.com
would be rejected, because H is y.x and contains a dot.

But when I test it myself on my server it doesn't follow this constraint. I have x.y.myserver.com domain and servlet written there. I set kookie with domain = .myserver.com and it works. It allows setting me that kookie.

Anybody knows why this happens? Doesn't browsers follow the RFC? OR was there some addendum or part that I missed for that RFC which describes this anomaly.

Regards
Maulin
0
Comment
Question by:Maulin_Vasavada
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Accepted Solution

by:
mjzalewski earned 125 total points
ID: 10992232
I'm pretty sure that it works when you go back to the same host (in other words, because the cookie was a response from x.y.myserver.com, it gets included in future requests to x.y.myserver.com). In other words, I think section 4.3.4 often overrides section 4.3.2 (at least as implemented in most browsers).

Bu I'm pretty sure that the cookie will not be included to other hosts like z.y.myserver.com.

BTW, you didn't say which browser version you were working with. Cookies would only be rejected (actually ignored) by the browser client. When a server sends a response, there is no way for the client to tell the server that the cookie has been rejected. Rejecting a cookie only means that the browser ignores it. For a cookie with $Domain=.myserver.com, I suppose it might be implemented as 'Don't send to other URIs even if the host part ends in .myserver.com, because 4.3.2 was violated. However, do send back to x.y.myserver.com, because that was the host which set the cookie.'

And also, I don't think any browser is compliant with all the RFC (and other) specs.

And finally, are you using Version="1"? I think if you don't use that cookie header, a client may interpret the cookie to be version 0, a looser standard produced by Netscape.

0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
iterator/ListIterator approach 17 55
jsp error 6 49
restrict decimal places for double datatype 10 34
How to fix  socket closed error 11 33
For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question