Author: markt Date: Wed May 21 17:13:28 2014 New Revision: 1596626 URL: http://svn.apache.org/r1596626 Log: Apply patch 07 from jboynes to improve cookie handling. Simplify code that detects if we need to upgrade a cookie from V0 to V1 The patch should be safe since the logic is unchanged.
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1596626&r1=1596625&r2=1596626&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed May 21 17:13:28 2014 @@ -48,14 +48,6 @@ public class SetCookieSupport { } public static String generateHeader(Cookie cookie) { - - StringBuffer buf = new StringBuffer(); // can't use StringBuilder due to DateFormat - - // Servlet implementation checks name - buf.append(cookie.getName()); - buf.append("="); - // Servlet implementation does not check anything else - /* * The spec allows some latitude on when to send the version attribute * with a Set-Cookie header. To be nice to clients, we'll make sure the @@ -65,41 +57,31 @@ public class SetCookieSupport { * Note that by checking for tokens we will also throw an exception if a * control character is encountered. */ - + int version = cookie.getVersion(); String value = cookie.getValue(); String path = cookie.getPath(); String domain = cookie.getDomain(); String comment = cookie.getComment(); - // Start by using the version we were asked for - int newVersion = cookie.getVersion(); - - // If it is v0, check if we need to switch - if (newVersion == 0 && needsQuotes(value)) { - // non-HTTP token in value - need to use v1 - newVersion = 1; - } - - if (newVersion == 0 && comment != null) { - // Using a comment makes it a v1 cookie - newVersion = 1; + if (version == 0) { + // Check for the things that require a v1 cookie + if (needsQuotes(value) || comment != null || needsQuotes(path) || needsQuotes(domain)) { + version = 1; + } } - if (newVersion == 0 && needsQuotes(path)) { - // non-HTTP token in path - need to use v1 - newVersion = 1; - } + // Now build the cookie header + StringBuffer buf = new StringBuffer(); // can't use StringBuilder due to DateFormat - if (newVersion == 0 && needsQuotes(domain)) { - // non-HTTP token in domain - need to use v1 - newVersion = 1; - } + // Just use the name supplied in the Cookie + buf.append(cookie.getName()); + buf.append("="); - // Now build the cookie header // Value maybeQuote(buf, value); + // Add version 1 specific information - if (newVersion == 1) { + if (version == 1) { // Version=1 ... required buf.append ("; Version=1"); @@ -119,13 +101,13 @@ public class SetCookieSupport { // Max-Age=secs ... or use old "Expires" format int maxAge = cookie.getMaxAge(); if (maxAge >= 0) { - if (newVersion > 0) { + if (version > 0) { buf.append ("; Max-Age="); buf.append (maxAge); } // IE6, IE7 and possibly other browsers don't understand Max-Age. // They do understand Expires, even with V1 cookies! - if (newVersion == 0 || CookieSupport.ALWAYS_ADD_EXPIRES) { + if (version == 0 || CookieSupport.ALWAYS_ADD_EXPIRES) { // Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format ) buf.append ("; Expires="); // To expire immediately we need to set the time in past --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org