tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Cookie handling issue (bug?) in Tomcat 5.5.26
Date Tue, 19 Feb 2008 16:58:20 GMT
http://svn.apache.org/viewvc?view=rev&revision=627743 (ServerCookie.java)

Filip

Marcinek, Blazej wrote:
> Ok, now I see why it fails with '=' char - but is there any way to make
> Tomcat backward-compatible (e.g. with some System property, which I've
> noticed proposed in some posts)?
>
> The problem is that in our company we've got a common login web app,
> which authenticates users and sets a domain-wide cookie for single sign
> on - this cookie contains = chars, and unfortuntaly I don't control the
> way how it's set (it doesn't have version 1 indicator). Then, my web app
> (running on Tomcat) needs to fetch value of this cookie properly to
> verify user's authentication - which worked fine till now, but on 5.5.26
> the returned cookie value is truncated. Can this be worked around
> somehow?
>
> Kind regards,
>
> Blazej Marcinek
>
>
> -----Original Message-----
> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
> Sent: Tuesday, February 19, 2008 3:22 PM
> To: Tomcat Developers List
> Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26
>
> they're not broken, read the servlet spec
> http://marc.info/?t=120253944500001&r=1&w=2
>
> Filip
>
> Marcinek, Blazej wrote:
>   
>> Hi,
>>  
>> I've just tried running Tomcat 5.5.26 and I've noticed a problem with
>> Cookie handling (though I'm not sure on which side it should be
>> corrected).
>>  
>> In our application we use cookies containing '=' (equals) characters
>>     
> in
>   
>> values - this used to work until now, but fails on 5.5.26.
>> I've ran a little investigation and it appears that setting cookie
>>     
> with
>   
>> = chars in value works fine (cookie is set properly with full value),
>> but when obtaining the cookie value later (via request.getCookies()...
>> getValue() sequence), the returned cookie value is truncated at the
>> first = character inside.
>>  
>> I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP
>> monitor that cookie was properly sent to browser, and again to server
>>     
> in
>   
>> following request (with full "a=b" value) - but the getValue() method
>> returns "a" instead. 
>>  
>> Since the addCookie() works (and sets the value without complaining),
>> the latter truncation in get Value() looks like a bug in cookie
>>     
> parser. 
>   
>> Can anyone confirm this? 
>>  
>> Kind regards,
>>  
>> Blazej Marcinek
>>
>>   
>>
>>     
> ------------------------------------------------------------------------
>   
>> No virus found in this incoming message.
>> Checked by AVG Free Edition. 
>> Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date:
>>     
> 2/18/2008 6:49 PM
>   
>>   
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message