|
»
»
Cookie handling issue (bug?) in Tomcat 5.5.26
|
View:
New views
4 Messages
—
Rating Filter:
Alert me
|
 |
Cookie handling issue (bug?) in Tomcat 5.5.26
by Marcinek, Blazej
::
Rate this Message:
Hi,
I've just tried running Tomcat 5.5.26 and I've noticed a problem with Cookie handling (though I'm not sure on which side it should be corrected). In our application we use cookies containing '=' (equals) characters in values - this used to work until now, but fails on 5.5.26. I've ran a little investigation and it appears that setting cookie with = chars in value works fine (cookie is set properly with full value), but when obtaining the cookie value later (via request.getCookies()... getValue() sequence), the returned cookie value is truncated at the first = character inside. I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP monitor that cookie was properly sent to browser, and again to server in following request (with full "a=b" value) - but the getValue() method returns "a" instead. Since the addCookie() works (and sets the value without complaining), the latter truncation in get Value() looks like a bug in cookie parser. Can anyone confirm this? Kind regards, Blazej Marcinek |
|
|
Re: Cookie handling issue (bug?) in Tomcat 5.5.26
by Filip Hanik - Dev Lists
::
Rate this Message:
they're not broken, read the servlet spec
http://marc.info/?t=120253944500001&r=1&w=2 Filip Marcinek, Blazej wrote: > Hi, > > I've just tried running Tomcat 5.5.26 and I've noticed a problem with > Cookie handling (though I'm not sure on which side it should be > corrected). > > In our application we use cookies containing '=' (equals) characters in > values - this used to work until now, but fails on 5.5.26. > I've ran a little investigation and it appears that setting cookie with > = chars in value works fine (cookie is set properly with full value), > but when obtaining the cookie value later (via request.getCookies()... > getValue() sequence), the returned cookie value is truncated at the > first = character inside. > > I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP > monitor that cookie was properly sent to browser, and again to server in > following request (with full "a=b" value) - but the getValue() method > returns "a" instead. > > Since the addCookie() works (and sets the value without complaining), > the latter truncation in get Value() looks like a bug in cookie parser. > Can anyone confirm this? > > Kind regards, > > Blazej Marcinek > > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date: 2/18/2008 6:49 PM > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@... |
|
|
RE: Cookie handling issue (bug?) in Tomcat 5.5.26
by Marcinek, Blazej
::
Rate this Message:
Ok, now I see why it fails with '=' char - but is there any way to make
Tomcat backward-compatible (e.g. with some System property, which I've noticed proposed in some posts)? The problem is that in our company we've got a common login web app, which authenticates users and sets a domain-wide cookie for single sign on - this cookie contains = chars, and unfortuntaly I don't control the way how it's set (it doesn't have version 1 indicator). Then, my web app (running on Tomcat) needs to fetch value of this cookie properly to verify user's authentication - which worked fine till now, but on 5.5.26 the returned cookie value is truncated. Can this be worked around somehow? Kind regards, Blazej Marcinek -----Original Message----- From: Filip Hanik - Dev Lists [mailto:devlists@...] Sent: Tuesday, February 19, 2008 3:22 PM To: Tomcat Developers List Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26 they're not broken, read the servlet spec http://marc.info/?t=120253944500001&r=1&w=2 Filip Marcinek, Blazej wrote: > Hi, > > I've just tried running Tomcat 5.5.26 and I've noticed a problem with > Cookie handling (though I'm not sure on which side it should be > corrected). > > In our application we use cookies containing '=' (equals) characters in > values - this used to work until now, but fails on 5.5.26. > I've ran a little investigation and it appears that setting cookie with > = chars in value works fine (cookie is set properly with full value), > but when obtaining the cookie value later (via request.getCookies()... > getValue() sequence), the returned cookie value is truncated at the > first = character inside. > > I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP > monitor that cookie was properly sent to browser, and again to server in > following request (with full "a=b" value) - but the getValue() method > returns "a" instead. > > Since the addCookie() works (and sets the value without complaining), > the latter truncation in get Value() looks like a bug in cookie parser. > Can anyone confirm this? > > Kind regards, > > Blazej Marcinek > > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date: 2/18/2008 6:49 PM > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@... --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@... |
|
|
Re: Cookie handling issue (bug?) in Tomcat 5.5.26
by Filip Hanik - Dev Lists
::
Rate this Message:
http://svn.apache.org/viewvc?view=rev&revision=627743 (ServerCookie.java)
Filip Marcinek, Blazej wrote: > Ok, now I see why it fails with '=' char - but is there any way to make > Tomcat backward-compatible (e.g. with some System property, which I've > noticed proposed in some posts)? > > The problem is that in our company we've got a common login web app, > which authenticates users and sets a domain-wide cookie for single sign > on - this cookie contains = chars, and unfortuntaly I don't control the > way how it's set (it doesn't have version 1 indicator). Then, my web app > (running on Tomcat) needs to fetch value of this cookie properly to > verify user's authentication - which worked fine till now, but on 5.5.26 > the returned cookie value is truncated. Can this be worked around > somehow? > > Kind regards, > > Blazej Marcinek > > > -----Original Message----- > From: Filip Hanik - Dev Lists [mailto:devlists@...] > Sent: Tuesday, February 19, 2008 3:22 PM > To: Tomcat Developers List > Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26 > > they're not broken, read the servlet spec > http://marc.info/?t=120253944500001&r=1&w=2 > > Filip > > Marcinek, Blazej wrote: > >> Hi, >> >> I've just tried running Tomcat 5.5.26 and I've noticed a problem with >> Cookie handling (though I'm not sure on which side it should be >> corrected). >> >> In our application we use cookies containing '=' (equals) characters >> > in > >> values - this used to work until now, but fails on 5.5.26. >> I've ran a little investigation and it appears that setting cookie >> > with > >> = chars in value works fine (cookie is set properly with full value), >> but when obtaining the cookie value later (via request.getCookies()... >> getValue() sequence), the returned cookie value is truncated at the >> first = character inside. >> >> I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP >> monitor that cookie was properly sent to browser, and again to server >> > in > >> following request (with full "a=b" value) - but the getValue() method >> returns "a" instead. >> >> Since the addCookie() works (and sets the value without complaining), >> the latter truncation in get Value() looks like a bug in cookie >> > parser. > >> Can anyone confirm this? >> >> Kind regards, >> >> Blazej Marcinek >> >> >> >> > ------------------------------------------------------------------------ > >> No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date: >> > 2/18/2008 6:49 PM > >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@... > For additional commands, e-mail: dev-help@... > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@... > For additional commands, e-mail: dev-help@... > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@... |
| Free embeddable forum powered by Nabble | Forum Help |
