tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46125] New: Setting large cookies in the request causes Tomcat to abort the connection
Date Thu, 30 Oct 2008 00:44:02 GMT

           Summary: Setting large cookies in the request causes Tomcat to
                    abort the connection
           Product: Tomcat 6
           Version: 6.0.18
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina

It is possible to store too many cookies, or cookies that are too large for the
header to properly carry. That's not good web programming, but still, it is
quite common when one is using a JS framework.

If such a set of cookies is constructed and sent to Tomcat as part of a
request, Tomcat panics and simply aborts the connection. This leads to a blank
screen with no source code on the client's browser. Or, it leads to a cryptic
error, like Safari's infamous "CFErrorDomainCFNetwork error 302" that drives
many a newsgroup to tears trying to figure out what is going wrong with the

Expected: return a '400 Bad Request error' like apache does. That would help
the user know what is wrong with the request and help find a better resolution
to the condition.

I am attaching an HTML file that demonstrates this bug. Please run it in Tomcat
and Apache as a comparison. I believe Apache handles the situation correctly.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message