tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46125] New: Setting large cookies in the request causes Tomcat to abort the connection
Date Thu, 30 Oct 2008 00:44:02 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46125

           Summary: Setting large cookies in the request causes Tomcat to
                    abort the connection
           Product: Tomcat 6
           Version: 6.0.18
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: matt@thebishops.org


It is possible to store too many cookies, or cookies that are too large for the
header to properly carry. That's not good web programming, but still, it is
quite common when one is using a JS framework.

If such a set of cookies is constructed and sent to Tomcat as part of a
request, Tomcat panics and simply aborts the connection. This leads to a blank
screen with no source code on the client's browser. Or, it leads to a cryptic
error, like Safari's infamous "CFErrorDomainCFNetwork error 302" that drives
many a newsgroup to tears trying to figure out what is going wrong with the
server.

Expected: return a '400 Bad Request error' like Apache does. That would help
the user know what is wrong with the request and help find a better resolution
to the condition.

I am attaching an HTML file that demonstrates this bug. Please run it in Tomcat
and Apache as a comparison. I believe Apache handles the situation correctly.

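The behaviour requested under "Expected" in the report above, as an added sketch that is not part of the original message and not Tomcat or Apache code: a server reads the request head up to a size limit and answers 400 Bad Request when the limit is reached, rather than closing the socket. The 8192-byte limit, the function names and the sample requests are assumptions constructed for this illustration.

```python
import io

MAX_HEADER_BYTES = 8192  # assumed limit for this sketch

def response(status, reason, detail):
    body = (detail + "\n").encode("ascii")
    head = (f"HTTP/1.1 {status} {reason}\r\n"
            "Content-Type: text/plain\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")
    return head + body

def read_head(stream, limit=MAX_HEADER_BYTES):
    """Return request line + headers, or None if the blank line that ends
    them has not arrived within `limit` bytes (or the peer stopped early)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        if len(buf) >= limit:
            return None
        chunk = stream.read(min(1024, limit - len(buf)))
        if not chunk:
            return None
        buf += chunk
    return buf.split(b"\r\n\r\n", 1)[0]

def handle(stream, limit=MAX_HEADER_BYTES):
    head = read_head(stream, limit)
    if head is None:
        # Tell the client what went wrong instead of dropping the connection.
        return response(400, "Bad Request",
                        f"Request headers incomplete or larger than {limit} bytes")
    cookies = 0
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"cookie":
            cookies += sum(1 for c in value.split(b";") if c.strip())
    return response(200, "OK", f"cookies received: {cookies}")

def sample_request(count, value_len):
    """Constructed input: a GET carrying `count` cookies of `value_len` bytes."""
    cookies = "; ".join(f"c{i}={'x' * value_len}" for i in range(count))
    return (f"GET / HTTP/1.1\r\nHost: example.test\r\n"
            f"Cookie: {cookies}\r\n\r\n").encode("ascii")

if __name__ == "__main__":
    for count, size in ((3, 10), (40, 400)):
        reply = handle(io.BytesIO(sample_request(count, size)))
        print(count * size, "cookie bytes ->", reply.split(b"\r\n", 1)[0].decode())
```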