Bug 64166

Summary: RequestDumperFilter duplicates headers
Product: Tomcat 9 Reporter: Greg Peterson <gpeterson>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: minor CC: michaelo
Priority: P2    
Version: 9.0.x   
Target Milestone: -----   
Hardware: PC   
OS: All   
Attachments: Patch to correct logging of response headers

Description Greg Peterson 2020-02-20 23:18:09 UTC
Created attachment 37031 [details]
Patch to correct logging of response headers

The RequestDumper attempts to log the outgoing headers by first obtaining the header names, then for each header name it outputs the values for that header. The problem is that the header names are not unique, so if there are two cookies, there are two Set-Cookie headers. The dumper uses the getHeaders method, which returns all values for the named header. Since it sees the Set-Cookie header twice, calling getHeaders returns both values, so it logs both values for each occurrence of the Set-Cookie header, so we see each cookie twice in the request log.

Attached patch ensures headers are unique before logging.
Comment 1 Mark Thomas 2020-02-25 14:04:53 UTC
I'm thinking that the return value for getHeaderNames() should be de-duplicated. The only scenarios I can think of where that would cause issues, the client is doing something unreasonable.
Comment 2 Mark Thomas 2020-02-25 19:45:42 UTC
Fixed in:
- master for 10.0.0-M2 onwards
- 9.0.x for 9.0.32 onwards
- 8.5.x for 8.5.52 onwards
- 7.0.x for 7.0.101 onwards