Set cookie version of incoming httpServletRequest

Question

I have a client that is sending to me a version 1 cookie with a comma delimite value. This should be ok in version 1 of cookies but not allowed in version 0.

So this it the cookie

test.cookie=1,1

Now when I read Cookie[] cookies = request.getCookies[] I am returned 2 cookies like this:

test.cookie=1
1=

So it is seeing the value of the cookie as a delimiter for the next cookie, which you would expect in version 0 of cookies. So the question is can I set the cookie version of the incoming HttpServletRequest before reading the cookies from it.

I know that there is a Cookie.setVersion(int) method but that is no use to me as I am not setting the cookie the container is. (which might be a clue actually to set the cookie version in the container which I will go and look at now)

Edit The way I have worked around this is to just read the headers and then read the value of the Cookie header which comes as a semi-colon delimited list and then parse each cookie name value pair myself thus the comma in the value of the cookie is then preserved correctly and I get just the one cookie. Be nice to know if there is a way of doing this with HttpServleRequest.getCookies() though.

Answer 1

According to RFC2965 and RFC2109 the , character needs to be in quotes when used in value fields, thus ",". That would help you to imply whether the comma is meant to separate two cookies or has a meaning in the value. In my understanding of RFC6265 the , is not allowed at all.

Answer 2

If you don't have any control over the cookies from the client, then you are left with only option.
Read the cookies as two part and combine them yourself into a single cookie and then make use of it. Use something like the following:

new_cookie.setValue(cookies[0].getValue()+cookies[1].getValue());

Make the further manipulations with new_cookie

Answer 3

Encoding the value in cookie solved this for me.