tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55920] Quotes should not be removed from quoted cookie values
Date Sat, 04 Jan 2014 18:59:41 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55920

--- Comment #1 from Jeremy Boynes <jboynes@apache.org> ---
As an example, a cookie with value «"value"» (I'm using angled quotes in this
comment for clarity) that is set using:
  Cookie cookie = new Cookie("test", "\"value\"");
  response.addCookie(cookie);
will correctly set a cookie in the browser with the value «"value"»  that will
then be returned to the server. However, when the value is retrieved using
getCookies() and getValue() the string returned is just «value» 

However, if the value supplied is «a"b» then the value set in the browser
becomes «"a\"b"» which does not match the value set. This will be returned to
servers using the header:
  Cookie:test="x\"y"
Tomcat removes the leading and trailing quotes resulting a self-consistent
round trip but other servers that treat this correctly as a V0 header will
include those quotes in the value resulting in inconsistency.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message