I was running into some issues with cookie management using Apache HTTP Components as a client talking to a web application running on a Tomcat server. Long story short, I found that it was due to the Set-Cookie headers using version 0, which by default causes HTTP Components to use a different logic flow and ignore host addresses without a domain suffix. Although I can probably easily fix this by changing the cookie policy, I'm more curious about cookie versions in general. I can't seem to find very much information about which version "should" be used by web servers by default these days. Tomcat appears to be defaulting to version 0 for compatibility. Shouldn't I configure it to use version 1 or 2, or is there a reason I should leave it? I'm not sure if there are any security/compatibility/functionality implications, or if it simply doesn't matter very much. I would imagine it's using version 0 to be compatible with old browsers; we aren't supporting old browsers anyway.
The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.
Cookies are usually set by a web-server using the response Set-Cookie HTTP-header. Then, the browser automatically adds them to (almost) every request to the same domain using the Cookie HTTP-header.
Cookies are set using the Set-Cookie header field, sent in an HTTP response from the web server. This header field instructs the web browser to store the cookie and send it back in future requests to the server (the browser will ignore this header field if it does not support cookies or has disabled cookies).
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it back to the same server with later requests.
Cookie version attribute has been rendered obsolete by RFC 6265. You can configure HttpClient version 4.3 to use Best_Match policy or HttpClient version 4.4 to use Standard (RFC 6265 compliant) policy and disregard cookie versions altogether.
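The configuration the answer describes, as an added example that is not part of the original answer: it selects the RFC 6265 policy on an HttpClient 4.4+ client and, offline, runs a Set-Cookie header with no Version attribute through the same lax RFC 6265 spec that `CookieSpecs.STANDARD` selects. The host name `appserver`, the port, the paths and the session value are constructed sample values; HttpClient 4.4 or later is assumed to be on the classpath.

```java
import java.util.List;

import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.cookie.Cookie;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.cookie.CookieSpec;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.cookie.RFC6265LaxSpec;
import org.apache.http.message.BasicHeader;

public class StandardCookiePolicyExample {

    // Client whose requests default to the RFC 6265 compliant policy.
    // On HttpClient 4.3 the answer's alternative is CookieSpecs.BEST_MATCH.
    static CloseableHttpClient buildClient(BasicCookieStore store) {
        RequestConfig config = RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD)
                .build();
        return HttpClients.custom()
                .setDefaultRequestConfig(config)
                .setDefaultCookieStore(store)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed origin: a host name without a domain suffix.
        CookieOrigin origin = new CookieOrigin("appserver", 8080, "/app/login", false);
        // Constructed header: no Version attribute, no Domain attribute.
        BasicHeader header = new BasicHeader("Set-Cookie",
                "JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly");

        CookieSpec spec = new RFC6265LaxSpec();
        List<Cookie> cookies = spec.parse(header, origin);
        for (Cookie c : cookies) {
            spec.validate(c, origin); // throws MalformedCookieException if rejected
            System.out.printf("name=%s domain=%s path=%s sentBack=%b%n",
                    c.getName(), c.getDomain(), c.getPath(), spec.match(c, origin));
        }

        // Building the client opens no connection; cookies accepted on real
        // responses are kept in the store passed in here.
        try (CloseableHttpClient client = buildClient(new BasicCookieStore())) {
            System.out.println("client configured with " + CookieSpecs.STANDARD);
        }
    }
}
```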