path = PATH_DELIM;
}
host = host.toLowerCase();
// check version
if (cookie.getVersion() < 0) {
throw new MalformedCookieException ("Illegal version number "
+ cookie.getValue());
}
// security check... we musn't allow the server to give us an
// invalid domain scope
// Validate the cookies domain attribute. NOTE: Domains without
// any dots are allowed to support hosts on private LANs that don't
// have DNS names. Since they have no dots, to domain-match the
// request-host and domain must be identical for the cookie to sent
// back to the origin-server.
if (host.indexOf(".") >= 0) {
// Not required to have at least two dots. RFC 2965.
// A Set-Cookie2 with Domain=ajax.com will be accepted.
// domain must match host
if (!host.endsWith(cookie.getDomain())) {
String s = cookie.getDomain();
if (s.startsWith(".")) {
s = s.substring(1, s.length());
}
if (!host.equals(s)) {
throw new MalformedCookieException(
"Illegal domain attribute \"" + cookie.getDomain()
+ "\". Domain of origin: \"" + host + "\"");
}
}
} else {
if (!host.equals(cookie.getDomain())) {
throw new MalformedCookieException(
"Illegal domain attribute \"" + cookie.getDomain()
+ "\". Domain of origin: \"" + host + "\"");
}
}
}