I have a client that is sending to me a version 1 cookie with a comma delimite value. This should be ok in version 1 of cookies but not allowed in version 0.
So this it the cookie
test.cookie=1,1
Now when I read Cookie[] cookies = request.getCookies[] I am returned 2 cookies like this:
test.cookie=1
1=
So it is seeing the value of the cookie as a delimiter for the next cookie, which you would expect in version 0 of cookies. So the question is can I set the cookie version of the incoming HttpServletRequest before reading the cookies from it.
I know that there is a Cookie.setVersion(int) method but that is no use to me as I am not setting the cookie the container is. (which might be a clue actually to set the cookie version in the container which I will go and look at now)
Edit The way I have worked around this is to just read the headers and then read the value of the Cookie header which comes as a semi-colon delimited list and then parse each cookie name value pair myself thus the comma in the value of the cookie is then preserved correctly and I get just the one cookie. Be nice to know if there is a way of doing this with HttpServleRequest.getCookies() though.
According to RFC2965 and RFC2109 the , character needs to be in quotes when used in value fields, thus ",". That would help you to imply whether the comma is meant to separate two cookies or has a meaning in the value. In my understanding of RFC6265 the , is not allowed at all.