|
Mantis - Resin
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Severity:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
5456 |
|
minor |
always |
06-13-13 13:03 |
07-23-13 11:36 |
|
|
Reporter:
|
cowan |
Platform:
|
|
|
|
Assigned To:
|
ferg |
OS:
|
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
|
Status:
|
closed |
Product Version:
|
4.0.36 |
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
|
Projection:
|
none |
|
|
|
|
ETA:
|
none |
Fixed in Version:
|
4.0.37 |
|
|
|
Summary:
|
0005456: Cookie Expires with negative value removed by Resin load-balancer |
|
Description:
|
When using cookie.setMaxAge(0) to signal the browser to delete the cookie, the "Expires" portion of the cookie header is stripped out by the web-tier load-balancer. This does not occur when the connect is direct to the app-server. |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
com.caucho.server.http.AbstractHttpResponse translates maxAge(0) to "expires=Thu, 01-Dec-1994 16:00:00 GMT". The load-balancer read this cookie value and a negative number, and sets the negative number instead of 0 on the cookie on the web-tier response. AbstractHttpResponse.fillCookie has no handling for negative number and does not recognize "Thu, 01-Dec-1994 16:00:00 GMT" as 0, as a result the expires value is lost. |
| Relationships | |
|
Attached Files:
|
|