Skip to Main Content

Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Cookie.setVersion(1) changes Path

679863Oct 6 2011 — edited Oct 6 2011
Hi all,

I'm wondering if anyone know what effect setVersion(1) may have on the Path of a cookie.

I'm running into an issue with the Shibboleth IDP jars and the cookies it creates. I'm starting to think the issue may be related to cookie version.

Basically the Path seems to change from what is set to what actually shows up in the browser cookies after I view the cookie.

I'm using tamper data in fire fox and see the path of my cookie is "/idp1"
But after the cookie is created it shows up with path "/idp1/profile/SAML2/Redirect/"

The code that creates the cookie in Shibolleth jar looks fine:
Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey);
        contextKeyCookie.setVersion(1);
        if (cookieDomain != null) {
            contextKeyCookie.setDomain(cookieDomain);
        }
        contextKeyCookie.setPath("".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
        contextKeyCookie.setSecure(httpRequest.isSecure());
        httpResponse.addCookie(contextKeyCookie);
So what I did is created 2 cookies in my application, both are identical aside from the version. One uses 0 the other 1
        Cookie contextKeyCookie = new Cookie("cookie_name_V1", "cookie_value");
        contextKeyCookie.setVersion(1);
        contextKeyCookie.setPath("".equals(request.getContextPath()) ? "/" : request.getContextPath());
        contextKeyCookie.setSecure(true);
        response.addCookie(contextKeyCookie);
        
        Cookie contextKeyCookie2 = new Cookie("cookie_name_V0", "cookie_value");
        contextKeyCookie2.setVersion(0);
        contextKeyCookie2.setPath("".equals(request.getContextPath()) ? "/" : request.getContextPath());
        contextKeyCookie2.setSecure(true);
        response.addCookie(contextKeyCookie2);
Tamper data again shows the correct path for both of the cookies... both are "/idp1"
But when I look at how they are written out the version 1 cookie has an additional / added...

Version 0 has path of "/idp1"
Version 1 has path of "/idp1/"

I'm running in Websphere 7.

Edited by: avalanche333 on Oct 6, 2011 11:54 AM

Comments

Processing
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Nov 3 2011
Added on Oct 6 2011
0 comments
227 views