Path attribute of Cookie is not affecting for subsequent requests

2
votes

I have a REST web service which sends a cookie in the response. REST URL looks like http://localhost:8080/myfoo/service/v1/acc/login

In my java code I have set cookie like below

 Response.ok(entity).cookie(new NewCookie("JSESSIONID", "12344", "/", "localhost", null, -1, false));

When I see the response header of the web service, cookie header looks like below

"JSESSIONID=12344;Domain=localhost;Path="/";Version=1"

But, when I make request to another path of same domain like below

http://localhost:8080/mybar/service/v1/acc/profile

cookies are not sent in the request.

So, when I viewed cookies in browser store (using content settings) I saw below entry for the cookie.

Name:   JSESSIONID
Content: 12344
Domain: localhost
Path:   /myfoo/service/v1/acc/login
Send for:   Any kind of connection
Accessible to script:   Yes
Created:    Wednesday, July 13, 2016 at 5:04:40 PM
Expires:    When the browsing session ends

So, if you notice, path attribute of cookie in browser store is different than what REST service had responded with. Any ideas whats going wrong here?

1
restcookiespathsubdomain
In other words, I am unable to override default "path" attribute value of cookieJayavardhan Gange

1 Answers

1
votes

After a long research I found the root cause. The issue was with cxf library 3.1.6. While converting cookie objects to headers, it quotes special characters. Hence it was quoting / set in java code to "/" in the Set-Cookie header. But browser sees "/" as invalid and sets the path to current path.

But, 3.1.7-SNAPSHOT has fix for this. After I update my cxf library to above said version, the issue is resolved.

If we do not want to update the library, we can manually set the Set-Cookie header as an alternative solution.

Here is the reference: https://issues.apache.org/jira/browse/CXF-6862