commons-httpclient 3.x sends multiple Cookie request headers and Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,)


Issue

  • Apache httpd/mod_proxy merges multiple Cookie request headers into one Cookie header separated by comma (,). Is this expected behavior? Is there any configurable parameter to change Apache httpd to use semicolon (;) instead?

  • When I use commons-httpclient 3.x as a client, commons-httpclient 3.x adds multiple Cookie headers in one request like:

    GET /example/ HTTP/1.1
    User-Agent: ...
    Host: ...
    ...
    Cookie: NAME1=VALUE1
    Cookie: NAME2=VALUE2
    

    then Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,) and forwards it to the backend server:

    Cookie: NAME1=VALUE1, NAME2=VALUE2
    

    This behavior is not compatible with an RFC6265 compliant server like Tomcat 8.5. The same issue also happens when EAP 7 (Undertow) runs as the backend server.
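
The incompatibility described above, as an added example that is not part of the original article and is not Tomcat's or Undertow's own cookie processor: a simplified strict reading of the RFC 6265 `cookie-string` grammar, run over the comma-merged header and over the same cookies joined with `; `. The function names and the constructed sample values are assumptions made for illustration.

```python
import re

# RFC 6265 section 4.1.1: cookie-octet excludes CTLs, whitespace,
# DQUOTE, comma, semicolon and backslash.
_COOKIE_OCTETS = re.compile(r'[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*')
# HTTP token characters, used for cookie-name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_cookie_header(value):
    """Strictly parse one Cookie header value (RFC 6265 section 4.2.1).

    Returns (accepted, rejected): accepted maps name -> value, rejected
    lists the raw pairs that do not match the cookie-pair grammar.
    """
    accepted, rejected = {}, []
    for raw in value.split(";"):          # pairs are separated by "; "
        pair = raw.strip(" ")
        if not pair:
            continue
        name, sep, val = pair.partition("=")
        # cookie-value may be wrapped in one pair of double quotes.
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        if sep and _TOKEN.fullmatch(name) and _COOKIE_OCTETS.fullmatch(val):
            accepted[name] = val
        else:
            rejected.append(pair)
    return accepted, rejected


def join_cookie_headers(values):
    """Combine repeated Cookie header values with "; " as RFC 6265 expects."""
    return "; ".join(v.strip() for v in values if v.strip())


# Constructed sample input mirroring the request shown above.
CLIENT_HEADERS = ["NAME1=VALUE1", "NAME2=VALUE2"]
COMMA_MERGED = ", ".join(CLIENT_HEADERS)            # what the proxy forwards
SEMICOLON_MERGED = join_cookie_headers(CLIENT_HEADERS)

if __name__ == "__main__":
    print(parse_cookie_header(COMMA_MERGED))
    print(parse_cookie_header(SEMICOLON_MERGED))
```

With the comma-merged value the strict parser sees a single pair whose value contains a comma and a space, so neither cookie is recognised; a session cookie sent this way would not reach the application as its own cookie.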

Environment

  • Apache httpd 2.2/2.4
  • Apache Commons HttpClient 3.x
  • Apache Tomcat
    • 8.5.x
    • 9.0.x
  • Red Hat JBoss Enterprise Application Platform (EAP) 7.x
