Bug 64166 - RequestDumperFilter duplicates headers
Summary: RequestDumperFilter duplicates headers
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.x
Hardware: PC All
: P2 minor (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2020-02-20 23:18 UTC by Greg Peterson
Modified: 2020-02-25 19:45 UTC (History)
1 user (show)

Patch to correct logging of response headers (1.41 KB, patch)
2020-02-20 23:18 UTC, Greg Peterson
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Peterson 2020-02-20 23:18:09 UTC
Created attachment 37031 [details]
Patch to correct logging of response headers

The RequestDumper attempts to log the outgoing headers by first obtaining the header names, then for each header name it outputs the values for that header. The problem is that the header names are not unique, so if there are two cookies, there are two Set-Cookie headers. The dumper uses the getHeaders method, which returns all values for the named header. Since it sees the Set-Cookie header twice, calling getHeaders returns both values, so it logs both values for each occurrence of the Set-Cookie header, so we see each cookie twice in the request log.

Attached patch ensures headers are unique before logging.
Comment 1 Mark Thomas 2020-02-25 14:04:53 UTC
I'm thinking that the return value for getHeaderNames() should be de-duplicated. The only scenarios I can think of where that would cause issues, the client is doing something unreasonable.
Comment 2 Mark Thomas 2020-02-25 19:45:42 UTC
Fixed in:
- master for 10.0.0-M2 onwards
- 9.0.x for 9.0.32 onwards
- 8.5.x for 8.5.52 onwards
- 7.0.x for 7.0.101 onwards