[ https://issues.apache.org/jira/browse/WICKET-5648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070000#comment-14070000 ]
Thibault Kruse commented on WICKET-5648: ---------------------------------------- Hi Martin, I did not see you responding to one of my comments, where I review the diff. Did you miss this maybe? Also, coming back to the issue of using a separator: When I use a semicolon to separate values, the cookie only stores a string up to the first semicolon, or at least that's what my browser displays, and horrible things happen when loading the value: cookieUtils.save("foo", "1", "2"); // Browser displays value of cookie foo as "\"1;" String x = cookieUtils.load("foo"); System.out.println(x); // yields: "1; nameofnextcookie=" This stackoverflow answer says semicolons are not allowed in cookies: http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies Also see https://github.com/carhartl/jquery-cookie/issues/3 So I somehow start to doubt whether wicket made any real use of the multi-valued cookie values for anything. > CookieUtils - add #loadValues(), make #getCookie() public, properly > initialize from the defaults > ------------------------------------------------------------------------------------------------ > > Key: WICKET-5648 > URL: https://issues.apache.org/jira/browse/WICKET-5648 > Project: Wicket > Issue Type: Improvement > Reporter: Thibault Kruse > Assignee: Martin Grigorov > Priority: Minor > Fix For: 7.0.0-M3, 6.17.0 > > > Hi, not sure even whether CookieUtils is supposed to be used outside wicket. > But if so, it has some API flaws. > The CookieUtils class has > public final void save(String key, final String... values) > but no *public* load method to load the saved multiple values. Clients can > load the whole string and split themselves, but that's dirty. And using > FormComponent.VALUE_SEPARATOR seems wicket-specific anyway (and is not safe > against values with that separator), so maybe that method should be > protected, not public. > The code > cookie.setSecure(false); > in save() also seems dodgy, but seems to have no effect (defaultSettings > still work). > Finally it is a bit weird that there is no access to the underlying Cookie > itself, with it's getDomain() etc methods. For Developers it might be nice to > work with the cookie avoiding the boilerplate code, so maybe getCookie() > could be made public instead of private -- This message was sent by Atlassian JIRA (v6.2#6252)