Open janbartel opened 2 weeks ago
While I think there is a case to be made for the behaviour you describe, the Javadoc for PushBuilder has the same language
If
HttpServletResponse.addCookie(Cookie)
has been called on the associated response, then a corresponding Cookie header will be added to the PushBuilder, unless theCookie.getMaxAge()
is<=0, in which case the Cookie will be removed from the builder.
Therefore, I think the current 6.1 TCK code is correct.
Whether we want to address this for Servlet 6.2 is TBD. PushBuilder is already deprecated and is rarely used. There are also backwards compatibility issues. I'm not sure there is much benefit to changing this behaviour.
https://github.com/jakartaee/servlet/blame/6.1.x/tck/tck-runtime/src/main/java/servlet/tck/spec/serverpush/ServerPushTests.java#L338
This line says that if a cookie with
Max-Age <= 0
was added on the server side, a subsequently createdPushBuilder
should not contain the correspondingCookie
. However, a value ofMax-Age=0
indicates to a User-Agent that it should immediately delete aCookie
, but a value of-1
indicates that theCookie
should be considered valid for the duration of the current "session". As the "session" is still clearly ongoing at the point at which thePushBuilder
is created, then it should contain theCookie
withMax-Age=-1
. Should this test be testing a value ofMax-Age=0
instead?