From 3451b3cbb3eb0e225bda0b29ba36b87035645ef8 Mon Sep 17 00:00:00 2001 From: Sergey Polovko Date: Mon, 22 Aug 2016 19:51:45 +0300 Subject: [PATCH] Cookie name must be case sensitive Motivation: RFC 6265 does not state that cookie names must be case insensitive. Modifications: Fix io.netty.handler.codec.http.cookie.DefaultCookie#equals() method to use case sensitive String#equals() and String#compareTo(). Result: It is possible to parse several cookies with same names but with different cases. --- .../codec/http/cookie/DefaultCookie.java | 4 +-- .../http/cookie/ServerCookieDecoderTest.java | 25 ++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/cookie/DefaultCookie.java b/codec-http/src/main/java/io/netty/handler/codec/http/cookie/DefaultCookie.java index fb98555bb8..17fe5c4368 100644 --- a/codec-http/src/main/java/io/netty/handler/codec/http/cookie/DefaultCookie.java +++ b/codec-http/src/main/java/io/netty/handler/codec/http/cookie/DefaultCookie.java @@ -135,7 +135,7 @@ public class DefaultCookie implements Cookie { } Cookie that = (Cookie) o; - if (!name().equalsIgnoreCase(that.name())) { + if (!name().equals(that.name())) { return false; } @@ -164,7 +164,7 @@ public class DefaultCookie implements Cookie { @Override public int compareTo(Cookie c) { - int v = name().compareToIgnoreCase(c.name()); + int v = name().compareTo(c.name()); if (v != 0) { return v; } diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderTest.java index d0c07646a5..fe9df5ec30 100644 --- a/codec-http/src/test/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderTest.java +++ b/codec-http/src/test/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderTest.java @@ -72,6 +72,10 @@ public class ServerCookieDecoderTest { Iterator it = cookies.iterator(); Cookie c; + c = it.next(); + assertEquals("ARPT", c.name()); + assertEquals("LWUKQPSWRTUN04CKKJI", c.value()); + c = it.next(); assertEquals("__utma", c.name()); assertEquals("48461872.1094088325.1258140131.1258140131.1258140131.1", c.value()); @@ -90,10 +94,6 @@ public class ServerCookieDecoderTest { "utmccn=(referral)|utmcmd=referral|utmcct=/Home-Garden/Furniture/Clearance/clearance/32/dept.html", c.value()); - c = it.next(); - assertEquals("ARPT", c.name()); - assertEquals("LWUKQPSWRTUN04CKKJI", c.value()); - c = it.next(); assertEquals("kw-2E343B92-B097-442c-BFA5-BE371E0325A2", c.name()); assertEquals("unfinished_furniture", c.value()); @@ -182,4 +182,21 @@ public class ServerCookieDecoderTest { Set cookies = ServerCookieDecoder.STRICT.decode("name=\"foo;bar\";"); assertTrue(cookies.isEmpty()); } + + @Test + public void testCaseSensitiveNames() { + Set cookies = ServerCookieDecoder.STRICT.decode("session_id=a; Session_id=b;"); + Iterator it = cookies.iterator(); + Cookie c; + + c = it.next(); + assertEquals("Session_id", c.name()); + assertEquals("b", c.value()); + + c = it.next(); + assertEquals("session_id", c.name()); + assertEquals("a", c.value()); + + assertFalse(it.hasNext()); + } }