Mantis - Resin
Viewing Issue Advanced Details
5456 minor always 06-13-13 13:03 07-23-13 11:36
cowan  
ferg  
normal  
closed 4.0.36  
fixed  
none    
none 4.0.37  
0005456: Cookie Expires with negative value removed by Resin load-balancer
When using cookie.setMaxAge(0) to signal the browser to delete the cookie, the "Expires" portion of the cookie header is stripped out by the web-tier load-balancer. This does not occur when the connect is direct to the app-server.
com.caucho.server.http.AbstractHttpResponse translates maxAge(0) to "expires=Thu, 01-Dec-1994 16:00:00 GMT". The load-balancer read this cookie value and a negative number, and sets the negative number instead of 0 on the cookie on the web-tier response. AbstractHttpResponse.fillCookie has no handling for negative number and does not recognize "Thu, 01-Dec-1994 16:00:00 GMT" as 0, as a result the expires value is lost.

Notes
(0006277)
cowan   
06-13-13 13:03   
Rep by H. Cleland
(0006290)
ferg   
07-23-13 11:36   
server/265f