|
Viewing Issue Advanced Details
[ Jump to Notes ]
|
[ View Simple ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0005456 |
[Resin] |
minor |
always |
06-13-13 13:03 |
07-23-13 11:36 |
|
|
Reporter |
cowan |
View Status |
public |
|
|
Assigned To |
ferg |
|
Priority |
normal |
Resolution |
fixed |
Platform |
|
|
Status |
closed |
|
OS |
|
|
Projection |
none |
|
OS Version |
|
|
ETA |
none |
Fixed in Version |
4.0.37 |
Product Version |
4.0.36 |
| |
Product Build |
|
|
|
Summary |
0005456: Cookie Expires with negative value removed by Resin load-balancer |
|
Description |
When using cookie.setMaxAge(0) to signal the browser to delete the cookie, the "Expires" portion of the cookie header is stripped out by the web-tier load-balancer. This does not occur when the connect is direct to the app-server. |
|
Steps To Reproduce |
|
|
Additional Information |
com.caucho.server.http.AbstractHttpResponse translates maxAge(0) to "expires=Thu, 01-Dec-1994 16:00:00 GMT". The load-balancer read this cookie value and a negative number, and sets the negative number instead of 0 on the cookie on the web-tier response. AbstractHttpResponse.fillCookie has no handling for negative number and does not recognize "Thu, 01-Dec-1994 16:00:00 GMT" as 0, as a result the expires value is lost. |
|
|
Attached Files |
|
|
|
Relationships 
