
Recommended Set-Cookie Version used by web servers (0, 1, or 2)

I was running into some issues with cookie management using Apache HTTP Components as a client talking to a web application running on a Tomcat server. Long story short, I found that it was due to the Set-Cookie headers using version 0, which by default causes HTTP Components to use a different logic flow and ignore host addresses without a domain suffix. Although I can probably easily fix this by changing the cookie policy, I'm more curious about cookie versions in general. I can't seem to find very much information about which version "should" be used by web servers by default these days. Tomcat appears to be defaulting to version 0 for compatibility. Shouldn't I configure it to use version 1 or 2, or is there a reason I should leave it? I'm not sure if there are any security/compatibility/functionality implications, or if it simply doesn't matter very much. I would imagine it's using version 0 to be compatible with old browsers; we aren't supporting old browsers anyway.

asked Mar 18 '15 14:03

Jared Gommels



1 Answer

The cookie version attribute has been rendered obsolete by RFC 6265. You can configure HttpClient version 4.3 to use the Best_Match policy or HttpClient version 4.4 to use the Standard (RFC 6265 compliant) policy and disregard cookie versions altogether.

answered Oct 12 '22 11:10

ok2c
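The Standard policy from the answer above, as an added example that is not part of the original post: it builds an HttpClient 4.4+ client that uses the RFC 6265 cookie policy for every request, then runs the same policy offline against one Set-Cookie header so you can see how a cookie from a host without a domain suffix is parsed and matched. The class name, the host name `appserver`, the port, the paths and the cookie value are constructed for illustration; it assumes HttpClient 4.4 or later on the classpath.

```java
import java.util.List;

import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.cookie.Cookie;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.cookie.CookieSpec;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.cookie.RFC6265CookieSpecProvider;
import org.apache.http.message.BasicHeader;

public class StandardCookiePolicyExample {

    // Client whose requests all use the RFC 6265 cookie policy (HttpClient 4.4+).
    static CloseableHttpClient buildClient() {
        RequestConfig config = RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD)
                .build();
        return HttpClients.custom().setDefaultRequestConfig(config).build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a Set-Cookie header without a Version attribute,
        // as received from a host that has no domain suffix.
        BasicHeader header = new BasicHeader("Set-Cookie",
                "JSESSIONID=constructed-sample-value; Path=/app; HttpOnly");
        CookieOrigin origin = new CookieOrigin("appserver", 8080, "/app/login", false);

        // The same policy the client uses, driven directly so no network is needed.
        CookieSpec spec = new RFC6265CookieSpecProvider().create(null);
        List<Cookie> cookies = spec.parse(header, origin);
        for (Cookie cookie : cookies) {
            // validate() throws MalformedCookieException if the policy rejects the cookie.
            spec.validate(cookie, origin);
            System.out.println(cookie.getName()
                    + " domain=" + cookie.getDomain()
                    + " path=" + cookie.getPath()
                    + " sentBack=" + spec.match(cookie, origin));
        }

        try (CloseableHttpClient client = buildClient()) {
            // client.execute(...) applies the same policy to live responses.
        }
    }
}
```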