|
Viewing Issue Simple Details
[ Jump to Notes ]
|
[ View Advanced ]
[ Issue History ]
[ Print ]
|
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
|
0005456 |
[Resin] |
minor |
always |
06-13-13 13:03 |
07-23-13 11:36 |
|
|
Reporter |
cowan |
View Status |
public |
|
|
Assigned To |
ferg |
|
Priority |
normal |
Resolution |
fixed |
|
|
Status |
closed |
|
Product Version |
4.0.36 |
|
|
Summary |
0005456: Cookie Expires with negative value removed by Resin load-balancer |
|
Description |
When using cookie.setMaxAge(0) to signal the browser to delete the cookie, the "Expires" portion of the cookie header is stripped out by the web-tier load-balancer. This does not occur when the connect is direct to the app-server. |
|
Additional Information |
com.caucho.server.http.AbstractHttpResponse translates maxAge(0) to "expires=Thu, 01-Dec-1994 16:00:00 GMT". The load-balancer read this cookie value and a negative number, and sets the negative number instead of 0 on the cookie on the web-tier response. AbstractHttpResponse.fillCookie has no handling for negative number and does not recognize "Thu, 01-Dec-1994 16:00:00 GMT" as 0, as a result the expires value is lost. |
|
|
Attached Files |
|
|
|
Relationships 
