6 Replies Latest reply on Sep 19, 2017 3:33 AM by ctomc

Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

_riley_ Sep 15, 2017 7:36 AM

Hi,

I have a situation where my application is required to receive two cookies with different values but with the same name. For example:

curl -v --cookie "USER_TOKEN=Yes; USER_TOKEN=No" http://my.example.com:8080/myApp/

However, when testing this against Wildfly 10.1.0.Final I'm only receiving the first cookie i.e "USER_TOKEN=Yes". I realise this probably isn't considered common practice, however there is a section in the spec that covers this:

"Although cookies are serialized linearly in the Cookie header, servers SHOULD NOT rely upon the serialization order. In particular, if the Cookie header contains two cookies with the same name (e.g., that were set with different Path or Domain attributes), servers SHOULD NOT rely upon the order in which these cookies appear in the header."

I would be really grateful for any advice on how to proceed with this. Would this be considered a bug? Or is there a work around I could use (other than changing the cookie names..)?

Thanks in advance for your help,

Rich.

1. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

gir489 Sep 15, 2017 7:20 AM (in response to _riley_)

Not to be confrontational, but what's the use case for this? It sounds like your application would get mixed messages here, with both a yes and a no.

Also, I noticed you have an erroneous quotation mark in your CURL call. Did you mean to do "USER_TOKEN=Yes; USER_TOKEN=No"?
Actions
2. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

_riley_ Sep 15, 2017 7:33 AM (in response to gir489)

Thanks for responding. The 'yes' and 'no' are just examples to make the question clearer. I realise this is an odd scenario, but our product is deployed in a huge range of different ways, and this situation can easily occur.

Without going into to much detail, in my situation each cookie would contain a sessionId encoded in a different way (obtained by the user authenticating via different mechanisms), the app would then decide which takes precedent based on how it is encoded.

Hope that helps.
Actions
3. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

_riley_ Sep 15, 2017 8:34 AM (in response to gir489)

Yes thanks there was a typo in the curl command. I have now corrected it.
Actions
4. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

richard.hruza Sep 18, 2017 10:34 AM (in response to _riley_)

Hello, any update for this case? I suffer with the same issue.
Actions
5. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

gir489 Sep 18, 2017 2:58 PM (in response to richard.hruza)

The Wildfly developers would have to address this through a design change. Currently, Undertow uses the name of the cookie as the key in the map it returns. See: undertow/HttpServletRequestImpl.java at master · undertow-io/undertow · GitHub
Actions
6. Re: Problem with Wildfly 10.1.0.Final handling multiple cookies with the same name

ctomc Sep 19, 2017 3:33 AM (in response to gir489)

swd847
Actions

Go to original post