We believe that the java.net.HttpCookie.domainMatches method does not work perfectly according RFC 2965. The following short testcase demonstrates the issue. $ cat MyCookieDomain.java public class MyCookieDomain { public static void main(String[] args) throws Exception { System.out.println( java.net.HttpCookie.domainMatches(args[0], args[1])); } } $ javac MyCookieDomain.java $ java -showversion MyCookieDomain ajax.com www.ajax.com java version "1.6.0_23" Java(TM) SE Runtime Environment (build 1.6.0_23-b05) Java HotSpot(TM) Server VM (build 19.0-b09, mixed mode) false The method returns false for "ajax.com". However, the Javadoc for the static domainMatches method even contains an example from RFC 2965: * A Set-Cookie2 with Domain=ajax.com will be accepted, and the value for Domain will be taken to be .ajax.com, because a dot gets prepended to the value. See also http://download.oracle.com/javase/6/docs/api/java/net/HttpCookie.html#domainMatches%28java.lang.String,%20java.lang.String%29 http://www.ietf.org/rfc/rfc2965.txt According to the example, we believe that the method should return true and not false. We believe that for the check, the method should prepend a leading dot to the domain value if an explicitly specified value does not start with a dot. Please evaluate.
|