tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcinek, Blazej" <blazej.marci...@roche.com>
Subject RE: Cookie handling issue (bug?) in Tomcat 5.5.26
Date Tue, 19 Feb 2008 16:18:50 GMT
Ok, now I see why it fails with '=' char - but is there any way to make
Tomcat backward-compatible (e.g. with some System property, which I've
noticed proposed in some posts)?

The problem is that in our company we've got a common login web app,
which authenticates users and sets a domain-wide cookie for single sign
on - this cookie contains = chars, and unfortuntaly I don't control the
way how it's set (it doesn't have version 1 indicator). Then, my web app
(running on Tomcat) needs to fetch value of this cookie properly to
verify user's authentication - which worked fine till now, but on 5.5.26
the returned cookie value is truncated. Can this be worked around
somehow?

Kind regards,

Blazej Marcinek


-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
Sent: Tuesday, February 19, 2008 3:22 PM
To: Tomcat Developers List
Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26

they're not broken, read the servlet spec
http://marc.info/?t=120253944500001&r=1&w=2

Filip

Marcinek, Blazej wrote:
> Hi,
>  
> I've just tried running Tomcat 5.5.26 and I've noticed a problem with
> Cookie handling (though I'm not sure on which side it should be
> corrected).
>  
> In our application we use cookies containing '=' (equals) characters
in
> values - this used to work until now, but fails on 5.5.26.
> I've ran a little investigation and it appears that setting cookie
with
> = chars in value works fine (cookie is set properly with full value),
> but when obtaining the cookie value later (via request.getCookies()...
> getValue() sequence), the returned cookie value is truncated at the
> first = character inside.
>  
> I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP
> monitor that cookie was properly sent to browser, and again to server
in
> following request (with full "a=b" value) - but the getValue() method
> returns "a" instead. 
>  
> Since the addCookie() works (and sets the value without complaining),
> the latter truncation in get Value() looks like a bug in cookie
parser. 
> Can anyone confirm this? 
>  
> Kind regards,
>  
> Blazej Marcinek
>
>   
>
------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition. 
> Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date:
2/18/2008 6:49 PM
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message