Closed Bug 93119 Opened 23 years ago Closed 21 years ago

cookies version 1 (Set-Cookie2) doesn't work


(Core :: Networking: Cookies, defect)

Windows 2000
(Reporter: mguerrero, Assigned: morse)


(Keywords: verifyme)


(1 file)

Cookies version 1 (Set-Cookie2) doesn't work in version 0.9.1.
This is a big problem when you are working with Tomcat, since it sends this kind
of cookie to the browser.

Can you please give a set of steps by which we can demonstrate this bug?

I think this is a dup of bug 83625.  Reporter, can you still reproduce this with
a newer build?

Here are the headers that Tomcat sends to the browser:

HTTP/1.0 200 OK
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie2: JSESSIONID=cpcbd5wto1;Version=1;Discard;Path="/webview"
Set-Cookie: JSESSIONID=cpcbd5wto1;Path=/webview
Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.3.1;
Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)

The following request from Mozilla is:

GET /webview/http-headers.jsp HTTP/1.1
Host: gandalf.granja.dom:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.1) Gecko/20010607
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9,
image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8; q=0.667, *; q=0.667
Keep-Alive: 300
Connection: keep-alive

As you can see, the request does not contain the Cookie that must be there.
I think that the problem may be the double cookie in the headers. First comes one
cookie in version 1 (Set-Cookie2) with the attribute 'Discard', and after it,
the correct cookie in version 0. It is possible that Mozilla 'Discards' all cookies
after the first 'Discard' instruction.

The build that I have is 0.9.1 Gecko/20010607 (as you can see in the headers).

That's not the traffic that I'm seeing at all.  Here are the steps that I 

1. Started sniffer running
2. Fetched page from
3. Examined sniffer traffic and searched for string "cookie".  None found

Attaching my sniffer traffic.

If my set of steps for reproducing the problem is incorrect, then please give a 
detailed set of steps and reopen the bug.
Closed: 23 years ago
Resolution: --- → INVALID
Attached file sniffer traffic

When I say Tomcat I mean the product 'Tomcat', not the tomcat web.
Tomcat is the official Reference Implementation for the Java Servlet and
JavaServer Pages technologies 

(more information at

To see this problem you can fetch these pages:

From an Apache server  (
HTTP/1.1 200 OK
Date: Tue, 07 Aug 2001 09:40:32 GMT
Server: Apache/1.3.11
Cache-Control: private
Content-Length: 1450
Set-Cookie: testing=test1
Set-Cookie: JSESSIONID=aaae7c1_8-IOB2pPwEgemkL2saq9k-; Path=/
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug
Content-Type: text/html

From a Tomcat server (
HTTP/1.0 200 OK
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: testing=test1
Set-Cookie2: JSESSIONID=ppg9wmh1r1;Version=1;Discard;Path="/"
Set-Cookie: JSESSIONID=ppg9wmh1r1;Path=/
Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.3.0rc1;
Windows 2000 5.0 x86;java.vendor=Sun Microsystems Inc.)

When the server that hosts the JSP page is an Apache server, it sends Set-Cookies
of version 0 and there is no problem. But when the server is directly a Tomcat
server, it sends Set-Cookie2 of version 1 and then Mozilla doesn't read any of
the cookies.
Resolution: INVALID → ---
Thanks for clarifying what you meant by tomcat.

But again I'm not seeing the problem you are describing.  Here are the steps I 
am now following:

1. Go to which is the site that you 
are saying is the tomcat server and will demonstrate the problem.

2. I see a display saying "cookies received at server" and none are displayed.  
That sounds normal to me since the browser never visited that site before and so 
had not previously collected any cookies from that site.

3. I opened the cookie-manager dialog and saw that there were two cookies stored 
by this site.  They were "testing" and "JSESSIONID".  This is consistent with 
the traffic that you posted above.

4. I reloaded the site.

5. Now the site's display of "cookies received at server" is not blank but 
rather lists these two cookies.  Again this sounds perfectly normal.  The 
browser had previously collected these two cookies and has sent them back to the 
server in this latest http request.

So where is the problem?

It's been over six weeks since my last posting and reporter has not answered my 
question.  So I presume there is no longer a problem.

Closing this out as WFM.
Closed: 23 years ago → 22 years ago
Resolution: --- → WORKSFORME
Blocks: 208985

Steve's WFM is because Tomcat had sent back the same cookies in two formats, and
the Set-Cookie: headers are supported.

Set-Cookie2 is not supported.
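
The behaviour described in the comment above, as an added example that is not part of the original bug report and is not Mozilla's code: a minimal cookie jar that honours Set-Cookie and skips Set-Cookie2, run over the Tomcat response posted earlier in this bug. The function names, the default path of "/" and the prefix path match are simplifying assumptions.

```python
# Added illustration: a minimal client cookie jar that honours Set-Cookie
# (version 0) and ignores Set-Cookie2, as the comment above describes.

# Response headers as posted in this bug for the Tomcat 3.2.3 server.
TOMCAT_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Content-Type: text/html;charset=ISO-8859-1\r\n"
    "Set-Cookie: testing=test1\r\n"
    'Set-Cookie2: JSESSIONID=ppg9wmh1r1;Version=1;Discard;Path="/"\r\n'
    "Set-Cookie: JSESSIONID=ppg9wmh1r1;Path=/\r\n"
    "\r\n"
)


def header_fields(raw):
    """Yield (lower-cased name, value) for each header line of a response."""
    for line in raw.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        yield name.strip().lower(), value.strip()


def store_cookies(raw, supported=("set-cookie",)):
    """Return {name: (value, path)} built only from supported header names."""
    jar = {}
    for name, value in header_fields(raw):
        if name not in supported:
            continue  # an unsupported header such as Set-Cookie2 is skipped
        pair, *attrs = [p.strip() for p in value.split(";")]
        cname, _, cvalue = pair.partition("=")
        path = "/"  # simplification: default to the site root
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() == "path":
                path = val.strip('"')
        jar[cname] = (cvalue, path)
    return jar


def cookie_header(jar, request_path):
    """Build the Cookie request header for request_path (prefix path match)."""
    pairs = [f"{n}={v}" for n, (v, p) in jar.items() if request_path.startswith(p)]
    return "; ".join(pairs)


def only_set_cookie2(raw):
    """Constructed variant: the same response without its Set-Cookie lines."""
    lines = raw.split("\r\n")
    return "\r\n".join(l for l in lines if not l.lower().startswith("set-cookie:"))
```

With the response as posted, the jar still ends up holding both cookies because of the duplicate Set-Cookie lines; with the constructed variant that carries only Set-Cookie2, the jar is empty and no Cookie header is sent.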
QA Contact: tever → cookieqa
Resolution: WORKSFORME → ---

*** This bug has been marked as a duplicate of 208985 ***
No longer blocks: 208985
Closed: 22 years ago → 21 years ago
Resolution: --- → DUPLICATE
Keywords: verifyme