Secure cookies / HttpOnly Cookies / Cookie paths

AliSherKashif / codenameone

Automatically exported from code.google.com/p/codenameone

0 stars 0 forks source link

Secure cookies / HttpOnly Cookies / Cookie paths #430

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

The Cookie class and the Codenameone handling of cookies doesn't seem to handle 
some important cookie features such as secure cookies, httponly cookies, and 
cookie paths.  The secure cookie feature, in particular is quite important as, 
without it, the network connections may pass secure cookies over insecure 
channels.

The following diff proposes a change to add support for these important 
features:
https://gist.github.com/4271318

I haven't tested these changes yet - I need to set up build environments for 
it... but I think they should work.

-Steve

Original issue reported on code.google.com by st...@weblite.ca on 12 Dec 2012 at 8:37

GoogleCodeExporter commented 9 years ago

Unfortunately we can't use the java.net.URI implementation within our code just 
yet since this is "fake" code that we inject on some of the devices. If you can 
implement this without using non-CLDC methods the we will be able to integrate 
something like this.
BTW please try to actually attach code and not use something like gist which 
might change. For legal reasons we need everything submitted so our lawyers can 
track how code reached SVN and allow IP validation when/if required. Thanks.

Original comment by shai.almog on 13 Dec 2012 at 12:50

Changed state: WontFix

GoogleCodeExporter commented 9 years ago

Here is a diff that accomplishes the same thing, but removed the java.net.URI 
dependency.  It compiles OK locally, but haven't had a chance to write any 
actual unit tests or rigorously test it to make sure it does what it intends to 
do.

Original comment by st...@weblite.ca on 14 Dec 2012 at 5:32

Attachments:

cookies.diff

GoogleCodeExporter commented 9 years ago

Chen, can you please verify that this doesn't break things such as Facebook 
login etc.?

Original comment by shai.almog on 14 Dec 2012 at 7:18

Changed state: Accepted
Added labels: Type-Enhancement
Removed labels: Type-Defect

GoogleCodeExporter commented 9 years ago

Shai, are you not able to use the java.net.URI implementation I contributed 
through issue 381?

Original comment by 1815...@coolman.ca on 15 Dec 2012 at 5:23

GoogleCodeExporter commented 9 years ago

If you can use (and prefer to use) uri, then I'll need to post an updated
version of that one as there was a small bug in the previous one I posted.

The non uri version should be fine already though,

Steve

On Friday, December 14, 2012, wrote:

Original comment by st...@weblite.ca on 15 Dec 2012 at 5:28

GoogleCodeExporter commented 9 years ago

Currently not in the implementation code. I'm also afraid of cyclic 
dependencies.
For version 1.1 we will start changing this and migrate the code to use Java 5 
features (mostly Collections and Maps).

Original comment by shai.almog on 15 Dec 2012 at 5:29

GoogleCodeExporter commented 9 years ago

applied the patch, thanks.
verified this doesn't break facebook login.

Original comment by cf27...@gmail.com on 16 Dec 2012 at 11:09

Changed state: Fixed