JDK-8214171 : HttpCookie.domainMatches implements RFC 2965 instead of RFC 6265
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 12
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2018-11-20
  • Updated: 2018-11-21
  • Resolved: 2018-11-21
Related Reports
Duplicate :  
JDK-8206092 - HttpCookie.domainMatches() does not match to sub-sub-domain
Description
A DESCRIPTION OF THE PROBLEM :
The domain matching is  defined slightly differently in the new RFC 6265 which obsoletes RFC 2965. Only the latter is implemented in HttpCookie.domainMatches(...), though (https://tools.ietf.org/html/rfc2965#section-3.3). Instead the rules from the newer RFC 6265 should be followed (https://tools.ietf.org/html/rfc6265#section-5.1.3).

The following example gives different results in those two RFCs with respect to domain matching:

cookie-domain: example.com, current-domain: some.sub.example.com, this should be a match according to RFC 6265 but should be no match according to the old RFC 2965.