commons-httpclient 3.x sends multiple Cookie request headers and Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,)

Solution Unverified - Updated -

Issue

  • Apache httpd/mod_proxy merges multiple Cookie request header into one Cookie header separated by comma (,). Is this expected behavior? Is there any configurable parameter to change Apache httpd to use semicolon (;) instead?

  • When I use commons-httpclient 3.x as a client, commons-httpclient 3.x adds multiple Cookie headers in one request like:

    GET /example/ HTTP/1.1
    User-Agent: ...
    Host: ...
    ...
    Cookie: NAME1=VALUE1
    Cookie: NAME2=VALUE2
    

    then Apache httpd/mod_proxy merges those into one Cookie header separated by comma (,) and forward it to the backend server:

    Cookie: NAME1=VALUE1, NAME2=VALUE2
    

    This behavior is not compatible with RFC6265 compliant server like Tomcat 8.5. And same issue happens when EAP 7 (Undertow) run as a backend server, too.

Environment

  • Apache httpd 2.2/2.4
  • Apache Commons HttpClient 3.x
  • Apache Tomcat 8.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In