tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12310] New: - Problems with Cookie processing
Date Wed, 04 Sep 2002 18:32:49 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12310>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12310

Problems with Cookie processing

           Summary: Problems with Cookie processing
           Product: Tomcat 4
           Version: 4.0.4 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Servlet & JSP API
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: lkarpel@eloquent.com


One of my compatriots is having a problem with a 3rd party peice of software 
that attempting to access a Tomcat 4.0.4 server.
 
The 3rd party software .. acting as a client .. is sending a requst with a
cookie: header with the following value ..
 
    JSESSIONID=F40180928E56604E197E25DEA7C4EF6F; domain=null; path=/ecs
 
Tomcat 4.0.4 complains with an IllegalArgumentException exception  ..
 
The exception occurs in the Coyote adaptor.. 
 
    org.apache.coyote.tomcat4CoyoteAdapter
 
in method parseCookies .. when 'copying' the cookies for the current request .. 
calling 'new Cookie()' ..
 
>From rfc 2109 the cookie header does appear to be 'wrong' since domain and 
path .. in this case .. should be $Domain and $Path ..
 
However .. there is code in the jakarta-servletapi .. 
javax.servlet.http.Cookie .. that I do have a question about ..
 
The code for the Cookie constructor disallows cookies with the names of the set-
cookie attribute values .. this is what is causing the above exception ..
 
Sooo .. the question is: Where in rfc 2109 does it say that cookie names cannot 
be the names of the set-cookie attribute values ??
 
While I have reported back to the 3rd party that thier software 
has 'problems' .. I dont understand why Tomcat is performing the tests 
specified in the code ..
 
If anyone could comment on this .. it would be greatly appreciated ..
 
Len

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message