[
https://issues.apache.org/jira/browse/WICKET-5648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070000#comment-14070000
]
Thibault Kruse commented on WICKET-5648:
----------------------------------------
Hi Martin,
I did not see you responding to one of my comments, where I review the diff.
Did you miss this maybe?
Also, coming back to the issue of using a separator: When I use a semicolon to
separate values, the cookie only stores a string up to the first semicolon, or
at least that's what my browser displays, and horrible things happen when
loading the value:
cookieUtils.save("foo", "1", "2");
// Browser displays value of cookie foo as "\"1;"
String x = cookieUtils.load("foo");
System.out.println(x);
// yields: "1; nameofnextcookie="
This stackoverflow answer says semicolons are not allowed in cookies:
http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies
Also see https://github.com/carhartl/jquery-cookie/issues/3
So I somehow start to doubt whether wicket made any real use of the
multi-valued cookie values for anything.
> CookieUtils - add #loadValues(), make #getCookie() public, properly
> initialize from the defaults
> ------------------------------------------------------------------------------------------------
>
> Key: WICKET-5648
> URL: https://issues.apache.org/jira/browse/WICKET-5648
> Project: Wicket
> Issue Type: Improvement
> Reporter: Thibault Kruse
> Assignee: Martin Grigorov
> Priority: Minor
> Fix For: 7.0.0-M3, 6.17.0
>
>
> Hi, not sure even whether CookieUtils is supposed to be used outside wicket.
> But if so, it has some API flaws.
> The CookieUtils class has
> public final void save(String key, final String... values)
> but no *public* load method to load the saved multiple values. Clients can
> load the whole string and split themselves, but that's dirty. And using
> FormComponent.VALUE_SEPARATOR seems wicket-specific anyway (and is not safe
> against values with that separator), so maybe that method should be
> protected, not public.
> The code
> cookie.setSecure(false);
> in save() also seems dodgy, but seems to have no effect (defaultSettings
> still work).
> Finally it is a bit weird that there is no access to the underlying Cookie
> itself, with it's getDomain() etc methods. For Developers it might be nice to
> work with the cookie avoiding the boilerplate code, so maybe getCookie()
> could be made public instead of private
--
This message was sent by Atlassian JIRA
(v6.2#6252)
