PI58457: Quotes are automatically added to the cookie Path attribute on v ersion 1 cookies

Fixes are available

APAR status

Closed as program error.

Error description

When the channel is building a version 1 cookie it will
automatically add quotes to the Path attribute if there are
special characters within the Path value

For example
---
Set-Cookie:
JSESSIONID=0000UA7r9SKaCuW2r4jDamobdSf:1febd9f2-b80a-4031-87
8a-6
d6faf9e2fbd; Path=/CookiePathApp; HttpOnly
TEST=1450345394715;
Version=1; Path="/CookiePathApp"
---

Local fix

```
use V0 Cookie
```

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server Liberty                              *
****************************************************************
* PROBLEM DESCRIPTION: When the HTTP Channel is building a     *
*                      version 1 cookie, it will automatically *
*                      add quotes to the Path attribute if     *
*                      there are special characters within the *
*                      Path value.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If the version 1 cookie Path attribute contains special
characters the HTTP Channel code will automatically quote the
value, unless it's already quoted, when adding the Cookie as a
header to the message.

Problem conclusion

An HTTP Channel custom property was introduced to prevent the
channel from automatically adding the quotes to the cookie's
Path attribute. The name of the property is:

SkipCookiePathQuotes

It can have a value of true or false, with the default being
false.

To enable the new behavior add the following configuration
option in the HTTP endpoint section of the server.xml

  <httpOptions SkipCookiePathQuotes="true"/>


The fix for this APAR is currently targeted for inclusion in fix
pack 16.0.0.2.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PI58457
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-03
Closed date
2016-03-14
Last modified date
2016-06-13

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814

Applicable component levels

R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 May 2022

Tips

PI58457: Quotes are automatically added to the cookie Path attribute on v ersion 1 cookies

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R850 PSY

Document Information

Share your feedback

Need support?