commons-httpclient 3.x sends multiple Cookie request headers and Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,)

Solution Unverified - Updated -

Issue

  • Apache httpd/mod_proxy merges multiple Cookie request header into one Cookie header separated by comma (,). Is this expected behavior? Is there any configurable parameter to change Apache httpd to use semicolon (;) instead?

  • When I use commons-httpclient 3.x as a client, commons-httpclient 3.x adds multiple Cookie headers in one request like:

    GET /example/ HTTP/1.1
User-Agent: ...
Host: ...
...
Cookie: NAME1=VALUE1
Cookie: NAME2=VALUE2

    then Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,) and forward it to the backend server:

    Cookie: NAME1=VALUE1, NAME2=VALUE2

    This behavior is not compatible with RFC6265 compliant server like Tomcat 8.5. And same issue happens when EAP 7 (Undertow) run as a backend server, too.

Environment

  • Apache httpd 2.2/2.4
  • Apache Commons HttpClient 3.x
  • Apache Tomcat 8.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.