documentation/9.4.x/http-client-cookie.html - www.eclipse.org/jetty - Git at Google

 <html><head>
       <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Cookies Support</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="http-client.html" title="Chapter&nbsp;22.&nbsp;HTTP Client"><link rel="prev" href="http-client-api.html" title="API Usage"><link rel="next" href="http-client-authentication.html" title="Authentication Support"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
       hljs.initHighlightingOnLoad();
     </script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
             Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Cookies Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="http-client-api.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Chapter&nbsp;22.&nbsp;HTTP Client<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="http-client-authentication.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
           <span class="website">www.webtide.com</span></a></h5><p>
  private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
  scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
       </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="http-client-cookie"></a>Cookies Support</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="http-client-cookie.html#_special_characters_in_cookies">Special Characters in Cookies</a></span></dt></dl></div><p>Jetty HTTP client supports cookies out of the box.
 The <code class="literal">HttpClient</code> instance receives cookies from HTTP responses and stores them in a <code class="literal">java.net.CookieStore</code>, a class that is part of the JDK.
 When new requests are made, the cookie store is consulted and if there are matching cookies (that is, cookies that are not expired and that match domain and path of the request) then they are added to the requests.</p><p>Applications can programmatically access the cookie store to find the cookies that have been set:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
 List&lt;HttpCookie&gt; cookies = cookieStore.get(URI.create("http://domain.com/path"));</code></pre><p>Applications can also programmatically set cookies as if they were returned from a HTTP response:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
 HttpCookie cookie = new HttpCookie("foo", "bar");
 cookie.setDomain("domain.com");
 cookie.setPath("/");
 cookie.setMaxAge(TimeUnit.DAYS.toSeconds(1));
 cookieStore.add(URI.create("http://domain.com"), cookie);</code></pre><p>Cookies may be added only for a particular request:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>ContentResponse response = httpClient.newRequest("http://domain.com/path")
         .cookie(new HttpCookie("foo", "bar"))
         .send();</code></pre><p>You can remove cookies that you do not want to be sent in future HTTP requests:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
 URI uri = URI.create("http://domain.com");
 List&lt;HttpCookie&gt; cookies = cookieStore.get(uri);
 for (HttpCookie cookie : cookies)
     cookieStore.remove(uri, cookie);</code></pre><p>If you want to totally disable cookie handling, you can install a <code class="literal">HttpCookieStore.Empty</code> instance in this way:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>httpClient.setCookieStore(new HttpCookieStore.Empty());</code></pre><p>You can enable cookie filtering by installing a cookie store that performs the filtering logic in this way:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>httpClient.setCookieStore(new GoogleOnlyCookieStore());

 public class GoogleOnlyCookieStore extends HttpCookieStore
 {
     @Override
     public void add(URI uri, HttpCookie cookie)
     {
         if (uri.getHost().endsWith("google.com"))
             super.add(uri, cookie);
     }
 }</code></pre><p>The example above will retain only cookies that come from the <code class="literal">google.com</code> domain or sub-domains.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_special_characters_in_cookies"></a>Special Characters in Cookies</h3></div></div></div><p>Jetty is compliant with <a class="link" href="https://tools.ietf.org/html/rfc6265" target="_top">RFC6265</a>, and as such care must be taken when setting a cookie value that includes special characters such as <code class="literal">;</code>.</p><p>Previously, Version=1 cookies defined in <a class="link" href="https://tools.ietf.org/html/rfc2109" target="_top">RFC2109</a> (and continued in&nbsp;<a class="link" href="https://tools.ietf.org/html/rfc2965" target="_top">RFC2965</a>) allowed for special/reserved characters to be enclosed within double quotes when declared in a <code class="literal">Set-Cookie</code>&nbsp;response header:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Set-Cookie: foo="bar;baz";Version=1;Path="/secur"</code></pre><p>This was added to the HTTP Response header as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Cookie cookie = new Cookie("foo", "bar;baz");
 cookie.setPath("/secur");
 response.addCookie(cookie);</code></pre><p>The introduction of RFC6265 has rendered this approach no longer possible; users are now required to encode cookie values that use these special characters.
 This can be done utilizing <code class="literal">javax.servlet.http.Cookie</code> as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Cookie cookie = new Cookie("foo", URLEncoder.encode("bar;baz", "utf-8"));</code></pre><p>Jetty validates all cookie names and values being added to the <code class="literal">HttpServletResponse</code> via the <code class="literal">addCookie(Cookie)</code> method.
 If an illegal value is discovered Jetty will throw an <code class="literal">IllegalArgumentException</code> with the details.</p></div></div><script type="text/javascript">
       SyntaxHighlighter.all()
     </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="http-client-api.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="http-client.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="http-client-authentication.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">API Usage&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Authentication Support</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
             See an error or something missing?
             <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
                 <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>
	<html><head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>Cookies Support</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="http-client.html" title="Chapter 22. HTTP Client"><link rel="prev" href="http-client-api.html" title="API Usage"><link rel="next" href="http-client-authentication.html" title="Authentication Support"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
	hljs.initHighlightingOnLoad();
	</script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
	Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Cookies Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="http-client-api.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><th width="60%" align="center">Chapter 22. HTTP Client<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="http-client-authentication.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
	<span class="website">www.webtide.com</span></a></h5><p>
	private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
	scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
	</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="http-client-cookie"></a>Cookies Support</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="http-client-cookie.html#_special_characters_in_cookies">Special Characters in Cookies</a></span></dt></dl></div><p>Jetty HTTP client supports cookies out of the box.
	The <code class="literal">HttpClient</code> instance receives cookies from HTTP responses and stores them in a <code class="literal">java.net.CookieStore</code>, a class that is part of the JDK.
	When new requests are made, the cookie store is consulted and if there are matching cookies (that is, cookies that are not expired and that match domain and path of the request) then they are added to the requests.</p><p>Applications can programmatically access the cookie store to find the cookies that have been set:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
	List<HttpCookie> cookies = cookieStore.get(URI.create("http://domain.com/path"));</code></pre><p>Applications can also programmatically set cookies as if they were returned from a HTTP response:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
	HttpCookie cookie = new HttpCookie("foo", "bar");
	cookie.setDomain("domain.com");
	cookie.setPath("/");
	cookie.setMaxAge(TimeUnit.DAYS.toSeconds(1));
	cookieStore.add(URI.create("http://domain.com"), cookie);</code></pre><p>Cookies may be added only for a particular request:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>ContentResponse response = httpClient.newRequest("http://domain.com/path")
	.cookie(new HttpCookie("foo", "bar"))
	.send();</code></pre><p>You can remove cookies that you do not want to be sent in future HTTP requests:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>CookieStore cookieStore = httpClient.getCookieStore();
	URI uri = URI.create("http://domain.com");
	List<HttpCookie> cookies = cookieStore.get(uri);
	for (HttpCookie cookie : cookies)
	cookieStore.remove(uri, cookie);</code></pre><p>If you want to totally disable cookie handling, you can install a <code class="literal">HttpCookieStore.Empty</code> instance in this way:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>httpClient.setCookieStore(new HttpCookieStore.Empty());</code></pre><p>You can enable cookie filtering by installing a cookie store that performs the filtering logic in this way:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>httpClient.setCookieStore(new GoogleOnlyCookieStore());

	public class GoogleOnlyCookieStore extends HttpCookieStore
	{
	@Override
	public void add(URI uri, HttpCookie cookie)
	{
	if (uri.getHost().endsWith("google.com"))
	super.add(uri, cookie);
	}
	}</code></pre><p>The example above will retain only cookies that come from the <code class="literal">google.com</code> domain or sub-domains.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_special_characters_in_cookies"></a>Special Characters in Cookies</h3></div></div></div><p>Jetty is compliant with <a class="link" href="https://tools.ietf.org/html/rfc6265" target="_top">RFC6265</a>, and as such care must be taken when setting a cookie value that includes special characters such as <code class="literal">;</code>.</p><p>Previously, Version=1 cookies defined in <a class="link" href="https://tools.ietf.org/html/rfc2109" target="_top">RFC2109</a> (and continued in <a class="link" href="https://tools.ietf.org/html/rfc2965" target="_top">RFC2965</a>) allowed for special/reserved characters to be enclosed within double quotes when declared in a <code class="literal">Set-Cookie</code> response header:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Set-Cookie: foo="bar;baz";Version=1;Path="/secur"</code></pre><p>This was added to the HTTP Response header as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Cookie cookie = new Cookie("foo", "bar;baz");
	cookie.setPath("/secur");
	response.addCookie(cookie);</code></pre><p>The introduction of RFC6265 has rendered this approach no longer possible; users are now required to encode cookie values that use these special characters.
	This can be done utilizing <code class="literal">javax.servlet.http.Cookie</code> as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>Cookie cookie = new Cookie("foo", URLEncoder.encode("bar;baz", "utf-8"));</code></pre><p>Jetty validates all cookie names and values being added to the <code class="literal">HttpServletResponse</code> via the <code class="literal">addCookie(Cookie)</code> method.
	If an illegal value is discovered Jetty will throw an <code class="literal">IllegalArgumentException</code> with the details.</p></div></div><script type="text/javascript">
	SyntaxHighlighter.all()
	</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="http-client-api.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="http-client.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="http-client-authentication.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">API Usage </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Authentication Support</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
	See an error or something missing?
	<span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
	<span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>