tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lenny Karpel <>
Subject Question about the processing of Cookie: headers.
Date Fri, 30 Aug 2002 18:14:32 GMT
Hello ..
One of my compatriots is having a problem with a 3rd party peice of software
that attempting to access a Tomcat 4.0.4 server.
The 3rd party software .. acting as a client .. is sending a requst with a
cookie: header with the following value ..
    JSESSIONID=F40180928E56604E197E25DEA7C4EF6F; domain=null; path=/ecs
Tomcat 4.0.4 complains with an IllegalArgumentException exception  ..
The exception occurs in the Coyote adaptor.. 
in method parseCookies .. when 'copying' the cookies for the current request
.. calling 'new Cookie()' ..
>From rfc 2109 the cookie header does appear to be 'wrong' since domain and
path .. in this case .. should be $Domain and $Path ..
However .. there is code in the jakarta-servletapi ..
javax.servlet.http.Cookie .. that I do have a question about ..
The code for the Cookie constructor disallows cookies with the names of the
set-cookie attribute values .. this is what is causing the above exception
Sooo .. the question is: Where in rfc 2109 does it say that cookie names
cannot be the names of the set-cookie attribute values ??
While I have reported back to the 3rd party that thier software has
'problems' .. I dont understand why Tomcat is performing the tests specified
in the code ..
If anyone could comment on this .. it would be greatly appreciated ..

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message