tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Slawek Zachcial <slawek_zachc...@yahoo.com>
Subject header value too long - 400 error - is that good?
Date Sat, 09 Feb 2002 11:44:52 GMT
Hi,

I have the following problem. I think it's more for
Tomcat developers than for users so I'm posting it
here.

Let's say you have three servers (not Tomcat :-).
dev1.toto.com, dev2.toto.com, dev3.toto.com. Each of
these servers sets a very long permanent cookie on
client's machine. The client uses all three servers.
Now, let's say you have your great app running on
Tomcat: mytomcatapp.toto.com.

Finally let's say the cookie domain for devX is set to
toto.com.

So all the cookies (from devX) are sent back to your
tomcat app when you try to access its pages. 

In that case tomcat generates HTTP 400. I checked in
the source code and it seems that the header value
size limit is set to 4K.

The bottom line is that some other web applications
may prevent your app users to access your tomcat app.
I had that experience :-(((.

Maybe the "400 error" behaviour should be slightly
modified. Instead of sending this error maybe only 4K
should be read from header value? But I guess there
may be some other concerns behind the scene (ex.
security).

cheers,
slawek

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message