<div dir="ltr">Hi,<br><br>This was already reported at <a href="https://issues.jboss.org/browse/UNDERTOW-1163">https://issues.jboss.org/browse/UNDERTOW-1163</a><br><br>If you upgrade to WildFly 12 or later, you can allow a comma as cookie separator by setting the system property &quot;io.undertow.legacy.cookie.COMMA_IS_SEPARATOR&quot; to true:<div><br>    ./bin/standalone.sh ...  -Dio.undertow.legacy.cookie.COMMA_IS_SEPARATOR=true<br><br>Thanks,<br>--<br>Masafumi Miura / 三浦 雅史<br><br>On Fri, Aug 3, 2018 at 6:17 PM, Brian R Wallis &lt;<a href="mailto:Brian.Wallis@infomedix.com.au">Brian.Wallis@infomedix.com.au</a>&gt; wrote:<br>&gt; Are commas allowed as a separator of multiple cookies in a cookie header?<br>&gt;<br>&gt; I am running an application in wildfly-11.0.0.Final and another application is making a request with two cookies, JSESSIONID and JSESSIONIDSSO. It is sending these as<br>&gt;<br>&gt; JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost<br>&gt;<br>&gt; which then seems to be parsed into a single cookie<br>&gt;<br>&gt; JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID<br>&gt;<br>&gt; which of course does not work for the authentication so the request fails. This seems to be a failure in parsing the original cookie string. There is a bit of confusion in this area in the RFCs as the earlier ones allowed comma as a separator but the most recent, RFC-6265, does not. Undertow should probably allow a comma separator for backward compatibility with older implementations.<br>&gt;<br>&gt; Thanks<br>&gt; brian wallis…<br>&gt;<br>&gt;<br>&gt; The full dump from the undertow request dumper is<br>&gt;<br>&gt;<br>&gt; 18:33:29,249 INFO  [io.undertow.request.dump] (Unknown)<br>&gt; ----------------------------REQUEST---------------------------<br>&gt;                URI=/infoapi/user/profile<br>&gt;  characterEncoding=null<br>&gt;      contentLength=-1<br>&gt;        contentType=[none]<br>&gt;             cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID<br>&gt;             header=Connection=Keep-Alive<br>&gt;             header=Orbeon-Token=5b4085e06896f374e8dec7a22f9e411a2b0d2105<br>&gt;             header=Accept-Encoding=gzip,deflate<br>&gt;             header=Content-Type=none<br>&gt;             header=Cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost<br>&gt;             header=Cookie2=$Version=1<br>&gt;             header=Host=localhost<br>&gt;             locale=[]<br>&gt;             method=GET<br>&gt;           protocol=HTTP/1.1<br>&gt;        queryString=<br>&gt;         remoteAddr=/<a href="http://127.0.0.1:55984">127.0.0.1:55984</a><br>&gt;         remoteHost=localhost<br>&gt;             scheme=http<br>&gt;               host=localhost<br>&gt;         serverPort=80<br>&gt; --------------------------RESPONSE--------------------------<br>&gt;      contentLength=71<br>&gt;        contentType=text/html;charset=UTF-8<br>&gt;             cookie=JSESSIONIDSSO=null; domain=null; path=/<br>&gt;             header=Expires=0<br>&gt;             header=Cache-Control=no-cache, no-store, must-revalidate<br>&gt;             header=X-Powered-By=Undertow/1<br>&gt;             header=Set-Cookie=JSESSIONIDSSO=&quot;&quot;; path=/; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT<br>&gt;             header=Server=WildFly/11<br>&gt;             header=Pragma=no-cache<br>&gt;             header=Date=Fri, 03 Aug 2018 08:33:29 GMT<br>&gt;             header=WWW-Authenticate=Basic realm=&quot;REST API authentication module&quot;<br>&gt;             header=Content-Type=text/html;charset=UTF-8<br>&gt;             header=Content-Length=71<br>&gt;             status=401<br>&gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt; _______________________________________________<br>&gt; undertow-dev mailing list<br>&gt; <a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a><br>&gt; <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev">https://lists.jboss.org/mailman/listinfo/undertow-dev</a></div></div>