0 Replies Latest reply: Oct 6, 2011 8:54 AM by 679863 RSS

Cookie.setVersion(1) changes Path

679863 Newbie
Hi all,

I'm wondering if anyone knows what effect setVersion(1) may have on the Path of a cookie.

I'm running into an issue with the Shibboleth IDP jars and the cookies it creates. I'm starting to think the issue may be related to cookie version.

Basically the Path seems to change from what is set to what actually shows up in the browser cookies after I view the cookie.

I'm using Tamper Data in Firefox and see the path of my cookie is "/idp1".
But after the cookie is created it shows up with path "/idp1/profile/SAML2/Redirect/".

The code that creates the cookie in the Shibboleth jar looks fine:

    Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey);
    contextKeyCookie.setVersion(1);
    if (cookieDomain != null) {
        contextKeyCookie.setDomain(cookieDomain);
    }
    contextKeyCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
    contextKeyCookie.setSecure(httpRequest.isSecure());
    httpResponse.addCookie(contextKeyCookie);

So what I did was create 2 cookies in my application; both are identical aside from the version. One uses 0, the other 1.

    Cookie contextKeyCookie = new Cookie("cookie_name_V1", "cookie_value");
    contextKeyCookie.setVersion(1);
    contextKeyCookie.setPath("".equals(request.getContextPath()) ? "/" : request.getContextPath());
    contextKeyCookie.setSecure(true);
    response.addCookie(contextKeyCookie);

    Cookie contextKeyCookie2 = new Cookie("cookie_name_V0", "cookie_value");
    contextKeyCookie2.setVersion(0);
    contextKeyCookie2.setPath("".equals(request.getContextPath()) ? "/" : request.getContextPath());
    contextKeyCookie2.setSecure(true);
    response.addCookie(contextKeyCookie2);

Tamper Data again shows the correct path for both of the cookies... both are "/idp1".
But when I look at how they are written out, the version 1 cookie has an additional / added...

Version 0 has path of "/idp1"
Version 1 has path of "/idp1/"

I'm running in WebSphere 7.

Edited by: avalanche333 on Oct 6, 2011 11:54 AM
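
To see why the exact Path string matters for a login-context cookie, the following added example (not part of the original post and not Shibboleth or WebSphere code) applies the RFC 6265 default-path and path-match rules to three Set-Cookie headers and reports which request paths would receive each cookie. The header strings, the quoted `Path="/idp1"` form, the request paths and the class name `CookiePathCheck` are constructed assumptions; the page does not show the raw headers WebSphere emitted.

```java
public class CookiePathCheck {
    // RFC 6265 5.1.4: default-path is the request path up to, but not including, its last "/".
    static String defaultPath(String requestPath) {
        int last = requestPath.lastIndexOf('/');
        return (!requestPath.startsWith("/") || last == 0) ? "/" : requestPath.substring(0, last);
    }

    // RFC 6265 5.2.4: a Path value that is empty or does not begin with "/" is replaced
    // by the default-path. Quotes are not stripped, so Path="/idp1" falls back too.
    // Simplification: splits on ';' and does not handle ';' inside quoted values.
    static String effectivePath(String setCookie, String requestPath) {
        String path = null;
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) {          // parts[0] is name=value
            String[] kv = parts[i].trim().split("=", 2);
            if (kv[0].trim().equalsIgnoreCase("Path")) {
                String v = kv.length == 2 ? kv[1].trim() : "";
                path = v.startsWith("/") ? v : null;       // last Path attribute wins
            }
        }
        return path != null ? path : defaultPath(requestPath);
    }

    // RFC 6265 5.1.4 path-match: exact match, or prefix match on a "/" boundary.
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        return cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/';
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from WebSphere or Shibboleth.
        String setBy = "/idp1/profile/SAML2/Redirect/SSO";   // request that set the cookie
        String[] headers = {
            "cookie_name_V0=cookie_value; Path=/idp1; Secure",
            "cookie_name_V1=cookie_value; Version=1; Path=/idp1/; Secure",
            "cookie_name_V1=cookie_value; Version=1; Path=\"/idp1\"; Secure", // assumed quoting
        };
        String[] probes = { "/idp1", "/idp1/Authn/UserPassword", setBy };
        for (String h : headers) {
            String p = effectivePath(h, setBy);
            System.out.println(h + "\n  effective path: " + p);
            for (String r : probes)
                System.out.println("  " + r + " -> " + (pathMatches(p, r) ? "sent" : "not sent"));
        }
    }
}
```

Comparing the raw Set-Cookie header on the wire with the path the browser stores shows whether the server rewrote the attribute or the client discarded it and substituted a default.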
