From 033875de551d7f5ed9b39b859d04dbc65d81343d Mon Sep 17 00:00:00 2001
From: fhanik
Date: Tue, 20 Apr 2010 17:13:37 +0000
Subject: [PATCH] https://issues.apache.org/bugzilla/show_bug.cgi?id=49158 Session cookies should only set one header
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@935998 13f79535-47bb-0310-9956-ffa450edef68
---
java/org/apache/catalina/connector/Request.java | 4 +-
java/org/apache/catalina/connector/Response.java | 51 ++++++++++++++++++++----
2 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 5377bf553..2d4000f0b 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2298,7 +2298,7 @@ public class Request
 Cookie newCookie = ApplicationSessionCookieConfig.createSessionCookie(context, newSessionId, secure);
- response.addCookieInternal(newCookie);
+ response.addSessionCookieInternal(newCookie);
 }
 }
@@ -2622,7 +2622,7 @@ public class Request
 ApplicationSessionCookieConfig.createSessionCookie( context, session.getIdInternal(), isSecure());
- response.addCookieInternal(cookie);
+ response.addSessionCookieInternal(cookie);
 }
 if (session != null) {
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index fceb410fc..7b9ff60dc 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -969,7 +969,37 @@ public class Response
 }
-
+ /**
+ * Special method for adding a session cookie as we should be overriding
+ * any previous
+ * @param cookie
+ */
+ public void addSessionCookieInternal(final Cookie cookie) {
+ if (isCommitted())
+ return;
+
+ String name = cookie.getName();
+ final String headername = "Set-Cookie";
+ final String startsWith = name + "=";
+ final StringBuffer sb = generateCookieString(cookie);
+ boolean set = false;
+ MimeHeaders headers = coyoteResponse.getMimeHeaders();
+ int n = headers.size();
+ for (int i = 0; i < n; i++) {
+ if (headers.getName(i).toString().equals(headername)) {
+ if (headers.getValue(i).toString().startsWith(startsWith)) {
+ headers.setValue(sb.toString());
+ set = true;
+ }
+ }
+ }
+ if (!set) {
+ addHeader(headername, sb.toString());
+ cookies.add(cookie);
+ }
+
+
+ }
 /**
 * Add the specified Cookie to those that will be included with
 * this Response.
@@ -981,6 +1011,17 @@ public class Response
 if (isCommitted())
 return;
+ final StringBuffer sb = generateCookieString(cookie);
+ //if we reached here, no exception, cookie is valid
+ // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
+ // RFC2965 is not supported by browsers and the Servlet spec
+ // asks for 2109.
+ addHeader("Set-Cookie", sb.toString());
+
+ cookies.add(cookie);
+ }
+
+ public StringBuffer generateCookieString(final Cookie cookie) {
 final StringBuffer sb = new StringBuffer();
 //web application code can receive a IllegalArgumentException
 //from the appendCookieValue invocation
@@ -1003,13 +1044,7 @@ public class Response
 cookie.getMaxAge(), cookie.getSecure(), cookie.isHttpOnly());
 }
- //if we reached here, no exception, cookie is valid
- // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
- // RFC2965 is not supported by browsers and the Servlet spec
- // asks for 2109.
- addHeader("Set-Cookie", sb.toString());
-
- cookies.add(cookie);
+ return sb;
 }
-- 
2.11.0
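Review bot: In the replace loop of `addSessionCookieInternal`, `headers.setValue(sb.toString())` passes the generated cookie string where `MimeHeaders.setValue(String)` expects a header name, so the matching `Set-Cookie` entry at index `i` appears to keep its old value instead of receiving the new one. Because `set` is still flipped to true, the fallback `addHeader` is skipped too; on the Request.java path that builds the cookie from `newSessionId`, the client would then likely never be told the replacement ID. Writing through the entry that was just matched, `headers.getValue(i).setString(sb.toString());`, replaces the value in place. The same branch leaves the superseded cookie in the `cookies` list, and the case-sensitive `equals(headername)` will miss a header stored as `set-cookie`, so `equalsIgnoreCase` is the safer comparison.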
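Review bot: `generateCookieString` is introduced as a public method with no Javadoc, although it is the point where an invalid cookie is rejected: the inline comment says the `appendCookieValue` invocation can throw `IllegalArgumentException`. Both callers rely on invoking it before any header is touched, so that a rejected cookie never reaches `Set-Cookie`; that ordering contract deserves a sentence in a Javadoc block, together with `@param cookie`, `@return` and `@throws IllegalArgumentException`. Unless code outside this class needs it, a narrower visibility would keep the header-formatting helper out of the public API. The method body continues past the end of this hunk, so this is based only on the lines shown.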