May 5, 2020

AEM Upgrade 6.4: Jetty, Cookies and RFC6265 Compliance

When upgrading AEM from a version earlier than 6.4 to AEM 6.4, any servlet or component that sets a cookie with some text in the HTTP response may cause your API to fail, and you may encounter the exception below in the logs.

RFC6265 Cookie values may not contain character

What does this error message suggest?
Well, AEM 6.4 uses the latest version of Jetty as its servlet container. Jetty has changed its cookie policy, and the policy says that you can't have special characters or separators in cookies without encoding them.

Up until now, Jetty has supported Version=1 cookies as defined in RFC2109 (and continued in RFC2965), which allow special/reserved characters (control, separator, et al.) to be enclosed within double quotes when declared in a Set-Cookie response header. See the example below:

Set-Cookie: foo="bar;baz";Version=1;Path="/secur"

This header was added to the HTTP response using the following calls:

Cookie cookie = new Cookie("foo", "bar;baz");
cookie.setPath("/secur");
response.addCookie(cookie);


How to fix the cookie problem?
The fix is a simple code change: encode the cookie value when you set it, and decode it wherever you read it.

Cookie cookie = new Cookie("foo", URLEncoder.encode("bar;baz", "utf-8"));

How to decode in JavaScript and Java?
Use the following snippets:

#Java
URLDecoder.decode(request.getCookie("foo").getValue(), "UTF-8");

#Javascript
decodeURIComponent($.cookie("foo"));
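
The following is an added example, not code from the original post. It checks a value against the RFC 6265 cookie-octet grammar (assumed here to be the rule behind the error message above) and decodes a value written by Java's URLEncoder, which encodes a space as "+", something a bare decodeURIComponent leaves untouched. The function names and sample values are constructed for illustration.

```javascript
// RFC 6265 section 4.1.1, cookie-octet: printable US-ASCII except
// whitespace, double quote, comma, semicolon and backslash.
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// True when the value can be sent unquoted in a Set-Cookie header.
function isRfc6265Value(value) {
  return COOKIE_OCTETS.test(value);
}

// Distinct characters that make the value non-compliant (useful for log triage).
function offendingChars(value) {
  return [...new Set([...value].filter((ch) => !COOKIE_OCTETS.test(ch)))];
}

// Decode a value produced by Java's URLEncoder.encode(value, "utf-8").
// URLEncoder uses form encoding: a space becomes "+" and a literal "+"
// becomes "%2B", so "+" must be mapped back to a space before decoding.
function decodeJavaUrlEncoded(value) {
  return decodeURIComponent(value.replace(/\+/g, ' '));
}

// Compare a raw value with its Java-encoded form.
function auditCookieValue(raw, javaEncoded) {
  return {
    rawAllowed: isRfc6265Value(raw),
    rejected: offendingChars(raw),
    encodedAllowed: isRfc6265Value(javaEncoded),
    roundTrips: decodeJavaUrlEncoded(javaEncoded) === raw,
    plainDecodeOk: decodeURIComponent(javaEncoded) === raw,
  };
}

// Constructed samples: [raw value, what URLEncoder.encode(raw, "utf-8") returns]
const SAMPLES = [
  ['bar;baz', 'bar%3Bbaz'],
  ['hello world+1', 'hello+world%2B1'],
  ['plain-token_1', 'plain-token_1'],
];

function auditAll() {
  return SAMPLES.map(([raw, enc]) => ({ raw, ...auditCookieValue(raw, enc) }));
}

console.log(auditAll());
```

For the second sample, plainDecodeOk is false: decodeURIComponent alone returns "hello+world+1", so values containing spaces need the "+" replacement step.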


By aem4beginner
