问题
I have a REST web service which sends a cookie in the response. REST URL looks like http://localhost:8080/myfoo/service/v1/acc/login
In my java code I have set cookie like below
Response.ok(entity).cookie(new NewCookie("JSESSIONID", "12344", "/", "localhost", null, -1, false));
When I see the response header of the web service, cookie header looks like below
"JSESSIONID=12344;Domain=localhost;Path="/";Version=1"
But, when I make request to another path of same domain like below
http://localhost:8080/mybar/service/v1/acc/profile
cookies are not sent in the request.
So, when I viewed cookies in browser store (using content settings) I saw below entry for the cookie.
Name: JSESSIONID
Content: 12344
Domain: localhost
Path: /myfoo/service/v1/acc/login
Send for: Any kind of connection
Accessible to script: Yes
Created: Wednesday, July 13, 2016 at 5:04:40 PM
Expires: When the browsing session ends
So, if you notice, path attribute of cookie in browser store is different than what REST service had responded with. Any ideas whats going wrong here?
回答1:
After a long research I found the root cause. The issue was with cxf library 3.1.6. While converting cookie objects to headers, it quotes special characters. Hence it was quoting / set in java code to "/" in the Set-Cookie header. But browser sees "/" as invalid and sets the path to current path.
But, 3.1.7-SNAPSHOT has fix for this. After I update my cxf library to above said version, the issue is resolved.
If we do not want to update the library, we can manually set the Set-Cookie header as an alternative solution.
Here is the reference: https://issues.apache.org/jira/browse/CXF-6862
来源:https://stackoverflow.com/questions/38351769/path-attribute-of-cookie-is-not-affecting-for-subsequent-requests