Adding cookies that contain directives that aren't directly supported in Servlet API, such as SameSite for example, requires writing cookie directly using HttpServletResponse#addHeader, instead of commonly used HttpServletResponse#addCookie.
As MockHttpServletResponse doesn't have any special treatment for Set-Cookie header (i.e. doesn't parse and add cookies that were added directly as headers), testing of code that writes cookies in the manner described above is quite a painful experience.
Affects: 4.3.18, 5.0.8, 5.1 RC1
#21854 MockCookie parsing fails if cookie does not include attributes
Since MockHttpServletResponse writes the cookie header, couldn't we create an extension of Cookie with the extra properties in the same package, for testing purposes? We could call it MockCookie for consistency, or RfcTestCookie perhaps.
I agree that the custom Cookie implementation would provide the best developer experience here. That would also eliminate all the workarounds we had to do in Spring Session tests while implementing support for SameSite cookie directive in our Servlet API based CookieSerializer.
I'll pick this up, and update the PR over the next day or two.
Hm do we need the parsing? What about enhancing addCookie and getCookieHeader to detect MockCookie and also append sameSite to the header value? Is this because the code under test sets the header directly?
Yes, it is because the cookie is being set as a Set-Cookie header and needs to be added to MockHttpServletResponse#cookies.
I went with MockCookie#parse approach because I though that was consistent which handling of other special cases in MockHttpServletResponse#setSpecialHeader and the fact that we need to be able to retrieve cookie set as a Set-Cookie header using HttpServletResponse#getCookie.
I see your point on enhancing MockHttpServletResponse#getCookieHeader though, I'll address that.