Java Servlet API 2.5 Cookie.getDomain() always returns null

Question

I'm having an issue using the Cookie class of the Servlet API 2.5 on Tomcat . I pull out the list of cookies from the HttpServletRequest object and iterate over them like so:

Cookie[] cookies = request.getCookies();

for(Cookie cookie : cookies) {
 System.out.println("Name=" + cookie.getName() + " Domain=" + cookie.getDomain());
}

However, for every single cookie in the request the Domain is null. Why is this? The reason I'm asking is because I have a cookie with the same name in two different domains and I want to be able to differentiate between them based on the domain. To help clarify the situation, my identically named cookies are being set in .anydomain.net and .subdomain.anydomain.net. Both are getting sent in the request but the domains are null when they get to the servlet. Is it expected behavior that the servlet cannot see the domain of cookies sent to it?

Edit: I set the cookies along with domain,expiration,and path in a previous request to the servlet. The next request coming into the browser with these cookies shows the domain as null. I have verified the cookies are getting set in the right domains in the browser.

Edit 2: I'm using Tomcat 6

Answer 1

Are you sure that you can get anything except the value from request cookies? The browser will send only name=value in the HTTP Cookie header.

Other attributes (secure, domain, path, expiration) are only available for cookies that you set into the response yourself. They are used to create the Set-Cookie response headers.

Answer 2

Properties such as domain are only used for a cookie when it is a part of the response (i.e. in Set-Cookie header). A client (such as a web browser) should only send the cookies that have the correct domain (path, etc.). The request thus only sees values because the header itself (Cookie) only contains values. Your client should not be sending cookies from different domains to the server.