Issues

ZF-9873: Zend_Http_Client is not using the correct separator for the cookie header

Issue Type: Bug Created: 2010-05-21T07:24:04.000+0000 Last Updated: 2012-11-06T19:18:38.000+0000 Status: Open Fix version(s): Reporter: Bogdan Martinescu (yolau) Assignee: Garrison Locke (gplocke) Tags: - Zend_Http_Client

  • NeedsPatch
  • zf-crteam-review

Related issues: Attachments:

Description

The problem: Zend_Http_Client is not sending the correct Cookie header when multiple cookies are used. Exemple:

<pre class="literal"> 
Cookie: var1=value1, var2=value2, var3=value3

This is not correct. According to RFC2965 the correct separator between cookies is ';' not ','. For details please see http://tools.ietf.org/html/rfc2965 section 3.1 (Syntax: General). The correct cookie header sent should be:

<pre class="literal"> 
Cookie: var1=value1; var2=value2; var3=value3

Suggested fix In file Zend/Http/Client.php replace block of code starting at line 1140

<pre class="highlight">
        // Add all other user defined headers
        foreach ($this->headers as $header) {
            list($name, $value) = $header;
            if (is_array($value)) {
                $value = implode(', ', $value);
            }

            $headers[] = "$name: $value";
        }

with:

<pre class="highlight">
        // Add all other user defined headers
        foreach ($this->headers as $normalized_name => $header) {
            list($name, $value) = $header;
            if (is_array($value)) {
                if ('cookie' == $normalized_name || 'set-cookie2' == $normalized_name)
                    $separator = '; ';
                else
                    $separator = ', ';
                $value = implode($separator, $value);
            }

            $headers[] = "$name: $value";
        }

Comments

Posted by Garrison Locke (gplocke) on 2010-05-21T07:46:47.000+0000

I started to work on this, but then I wondered if making this change would potentially break any kind of existing code. It shouldn't right?

Posted by Bogdan Martinescu (yolau) on 2010-05-21T07:53:56.000+0000

It should not brake any existing functionality. The changes that I suggested are only applied to Cookie and Set-Cookie2 headers and are according to standard.

Posted by Shahar Evron (shahar) on 2010-05-23T03:32:20.000+0000

This should not break existing functionality if done as suggested above.

Note that the ';' separator is unique to the Cookie header, and the HTTP RFC (which is the only really accepted RFC, as the Cookie RFC-2965 is not really commonly implemented) states that multiple header values are separated by ','.

Posted by Adam Lundrigan (adamlundrigan) on 2012-05-29T18:59:06.000+0000

Is this something which should be fixed in ZF 1.12?

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts