| Re: [servlet-dev] EE10 TCK cookie test question |
|
Hi,
I can't find where in the RFC 6265 requires a request cookie $Domain to be converted to a new cookie name $Domain by the server.
Can you please quote a direct line(s) from the RFC 6265 for a clarification?
Thanks!
From: servlet-dev <servlet-dev-bounces@xxxxxxxxxxx> on behalf of Mark Thomas <markt@xxxxxxxxxx>
Sent: Saturday, September 24, 2022 9:29 AM To: servlet-dev@xxxxxxxxxxx <servlet-dev@xxxxxxxxxxx> Subject: Re: [servlet-dev] EE10 TCK cookie test question On 23/09/2022 20:28, pmd1nh-bus@xxxxxxxxxxx wrote:
> Hi, > > In the TCK cookie TestServlet, the getDomainTest() looks for a cookie > "$Domain". > > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/api/jakarta_servlet_http/cookie/TestServlet.java#L196 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_eclipse-2Dee4j_jakartaee-2Dtck_blob_master_src_com_sun_ts_tests_servlet_api_jakarta-5Fservlet-5Fhttp_cookie_TestServlet.java-23L196&d=DwMFAw&c=jf_iaSHvJObTbx-siA1ZOg&r=9C4a3aHxnMXQDcmdNsTtD8Wble9v2OY7sISUZ_ShTds&m=fIcKeskfCwAWPBJVFdYotEsarOI0klOjdOsRY7oRzs2u-4bGsBSMh5YLrQyLTdlt&s=abP9iStnGUXpbuBZcLG-VTHfLL1_0O7bMnqObl1OMxg&e=> > > > The comment in that class is confusing. > > // RFC 6265 treats the domain attribute of an RFC 2109 cookie as a separate > > // cookie > > Why do we want to turn an attribute into a new and separate cookie? RFC 6265 does not recognize RFC 2109 attributes and treats them as separate cookies. Servlet 6 *only* supports RFC 6265 so if an RFC 2109 cookie is sent by the client, it will be seen as multiple cookies. The changes to the TCK were done that way partly as it was a minimal change that allowed the TCK to pass and partly as it ensures that cookies are being processed based on RFC 6265 and not RFC 2109 or any of the other old cookie specs. > How do we suppose to associate a Domain attribute to a request's Cookie > if the $Domain now turning into a separate cookie? You don't. RFC 2109 cookies are no longer supported. > Same goes for the getPathTest(). Same explanation as above. > Also, both of these tests refer to getDomain() and getPath() > respectively in their log statements; Those could be improved. > Are these tests supposed to verify the getDomain() and getPath() that > sent via the request's Cookie? No. The tests are intended to ensure that an RFC 2109 compliant cookie sent by the client is processed as expected as per the requirements of RFC 6265. Mark _______________________________________________ servlet-dev mailing list servlet-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev |