Re: [jetty-dev] About cookie version in the response

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] About cookie version in the response

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Wed, 15 Oct 2014 11:13:48 +1100
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Xialin,

Note that the jetty project has announced that jetty-7 and jetty-8 are
end-of-life for open source support. Any further releases will be
sporadic, rare and driven primarily by important security fixes. All
development work is on jetty-9, which has been the stable release for
some time now. Here's a link to the announcement, which contains more
information and links to options for obtaining assistance if you
absolutely cannot upgrade your version of jetty:

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00069.html

In this particular case, jetty-8 dealt with the confusion surrounding cookie specification and defacto standards by taking a rather cookie version neutral approach, where it has not declared the version of the cookie, quoted strings only if needed and only applied the version to the handling of max age. I think that is an OK approach, at least for the time. Jetty-9 now encapsulates a much better consensus and interpretation of the cookie specification.

If you do need updated cookie handling in jetty-8, then please contact webtide directly.

cheers

On 15 October 2014 04:43, Xialin Zhu <xzhu@xxxxxxxxxxxx> wrote:

Hi,

I am an engineer from LinkedIn, and we are currently having different test result between Jetty 6 and Jetty 8, but I could not find any direct information from Internet:

In Jetty 8, we found that some of the cookies in the response are wrapped by double quotes which will fail the tests, and those cookies are all version 0 cookies though we use setVersion(1) when we create it on the server. By digging into the library we found this is because “Set-Cookie” field in the header lacks “version=1” part. We don’t have this issue in Jetty 6. It seems that you have such code in HttpFields that set the cookie version in Jetty 6:

if (version > 0)

{

buf.append(";Version=");

buf.append(version);

}

However this piece of code is gone in Jetty 8, and it makes us always getting version 0 cookies.

Is it a known issue of Jetty 8, or are we missing anything? Any help is appreciated!

Thanks,

Tony

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev

References:
- [jetty-dev] About cookie version in the response
  - From: Xialin Zhu

Prev by Date: Re: [jetty-dev] About cookie version in the response
Next by Date: [jetty-dev] Using Jettty 9 to simulate errors
Previous by thread: Re: [jetty-dev] About cookie version in the response
Next by thread: [jetty-dev] Using Jettty 9 to simulate errors
Index(es):
- Date
- Thread

Breadcrumbs