Re: Cookie handling issue (bug?) in Tomcat 5.5.26

> Ok, now I see why it fails with '=' char - but is there any way to make
> Tomcat backward-compatible (e.g. with some System property, which I've
> noticed proposed in some posts)?
>
> The problem is that in our company we've got a common login web app,
> which authenticates users and sets a domain-wide cookie for single sign
> on - this cookie contains = chars, and unfortuntaly I don't control the
> way how it's set (it doesn't have version 1 indicator). Then, my web app
> (running on Tomcat) needs to fetch value of this cookie properly to
> verify user's authentication - which worked fine till now, but on 5.5.26
> the returned cookie value is truncated. Can this be worked around
> somehow?
>
> Kind regards,
>
> Blazej Marcinek
>
>
> -----Original Message-----
> From: Filip Hanik - Dev Lists [mailto:devlists@...]
> Sent: Tuesday, February 19, 2008 3:22 PM
> To: Tomcat Developers List
> Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26
>
> they're not broken, read the servlet spec
> http://marc.info/?t=120253944500001&r=1&w=2
>
> Filip
>
> Marcinek, Blazej wrote:
>  
>> Hi,
>>  
>> I've just tried running Tomcat 5.5.26 and I've noticed a problem with
>> Cookie handling (though I'm not sure on which side it should be
>> corrected).
>>  
>> In our application we use cookies containing '=' (equals) characters
>>    
> in
>  
>> values - this used to work until now, but fails on 5.5.26.
>> I've ran a little investigation and it appears that setting cookie
>>    
> with
>  
>> = chars in value works fine (cookie is set properly with full value),
>> but when obtaining the cookie value later (via request.getCookies()...
>> getValue() sequence), the returned cookie value is truncated at the
>> first = character inside.
>>  
>> I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP
>> monitor that cookie was properly sent to browser, and again to server
>>    
> in
>  
>> following request (with full "a=b" value) - but the getValue() method
>> returns "a" instead.
>>  
>> Since the addCookie() works (and sets the value without complaining),
>> the latter truncation in get Value() looks like a bug in cookie
>>    
> parser.
>  
>> Can anyone confirm this?
>>  
>> Kind regards,
>>  
>> Blazej Marcinek
>>
>>  
>>
>>    
> ------------------------------------------------------------------------
>  
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date:
>>    
> 2/18/2008 6:49 PM
>  
>>  
>>    
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>
>
>