tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcinek, Blazej" <>
Subject RE: Cookie handling issue (bug?) in Tomcat 5.5.26
Date Tue, 19 Feb 2008 16:18:50 GMT
Ok, now I see why it fails with '=' char - but is there any way to make
Tomcat backward-compatible (e.g. with some System property, which I've
noticed proposed in some posts)?

The problem is that in our company we've got a common login web app,
which authenticates users and sets a domain-wide cookie for single sign
on - this cookie contains = chars, and unfortuntaly I don't control the
way how it's set (it doesn't have version 1 indicator). Then, my web app
(running on Tomcat) needs to fetch value of this cookie properly to
verify user's authentication - which worked fine till now, but on 5.5.26
the returned cookie value is truncated. Can this be worked around

Kind regards,

Blazej Marcinek

-----Original Message-----
From: Filip Hanik - Dev Lists [] 
Sent: Tuesday, February 19, 2008 3:22 PM
To: Tomcat Developers List
Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26

they're not broken, read the servlet spec


Marcinek, Blazej wrote:
> Hi,
> I've just tried running Tomcat 5.5.26 and I've noticed a problem with
> Cookie handling (though I'm not sure on which side it should be
> corrected).
> In our application we use cookies containing '=' (equals) characters
> values - this used to work until now, but fails on 5.5.26.
> I've ran a little investigation and it appears that setting cookie
> = chars in value works fine (cookie is set properly with full value),
> but when obtaining the cookie value later (via request.getCookies()...
> getValue() sequence), the returned cookie value is truncated at the
> first = character inside.
> I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP
> monitor that cookie was properly sent to browser, and again to server
> following request (with full "a=b" value) - but the getValue() method
> returns "a" instead. 
> Since the addCookie() works (and sets the value without complaining),
> the latter truncation in get Value() looks like a bug in cookie
> Can anyone confirm this? 
> Kind regards,
> Blazej Marcinek
> No virus found in this incoming message.
> Checked by AVG Free Edition. 
> Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date:
2/18/2008 6:49 PM

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message