tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: Issue reading a cookie having a colon in the value . Is this a bug in Tomcat 6.0.32 ?
Date Thu, 10 Feb 2011 16:28:48 GMT


On 2/9/2011 2:49 AM, Reinwald Warapen wrote:
> On 2/9/2011 1:15 AM, Mark Thomas wrote:
>> I don't see any non-spec compliant behaviour here, just a broken user
>> agent.
> I don't think all the user agents are broken. Cause this happened on IE
> 8, Firefox 3.6, Chrome 9 and JMeter. I've even attached the logs and
> test project for your reference. If you still don't think it's a problem
> then thanks for the help.

The cookie and HTTP spec say that a cookie value cannot contain an
unquoted value containing a ":", and that's exactly what you've got, there.

See: Sections 3.1 and 3.3.4
and Section 2.2 (specifically see the
definition of "token").

>     // Raw Response
>         HTTP/1.1 200 OK
>         Server: Apache-Coyote/1.1
>         Set-Cookie: JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; Path=/
>         Set-Cookie: testingcolon="test:test:test"; Version=1

Note the quoted value and version number of "1".

> B) Next Request
>     //Raw Request
>         GET http://localhost:8081/index.jsp HTTP/1.1
>         Connection: close
>         Cookie: $Version=0; JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; $Path=/; testingcolon=test:test:test

Note the unquoted value and the version of "0".

This looks like a broken user agent to me.

-chris
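
The check described in the message above, as an added example that is not part of the original post or of Tomcat's code: it audits each cookie value in a `Cookie` header against the RFC 2616 section 2.2 `token` definition and reports values that may only be sent as a quoted-string. The function names are hypothetical; the sample header is the one quoted in the thread.

```python
import re

# RFC 2616 section 2.2: token = 1*<any CHAR except CTLs or separators>
SEPARATORS = '()<>@,;:\\"/[]?={} \t'
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')   # quoted-string with backslash escapes

def is_token(value):
    """True if value may be sent unquoted, i.e. it is an RFC 2616 token."""
    return bool(value) and all(32 < ord(c) < 127 and c not in SEPARATORS for c in value)

def split_pairs(header_value):
    """Split a Cookie header value on ';' or ',' that sit outside quoted strings."""
    pairs, buf, in_quotes, escaped = [], [], False, False
    for ch in header_value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch in ";," and not in_quotes:
            pairs.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    pairs.append("".join(buf).strip())
    return [p for p in pairs if p]

def audit_cookie_header(header_value):
    """Return [(name, value, verdict)] for each cookie; $-attributes are skipped."""
    report = []
    for pair in split_pairs(header_value):
        name, _, value = (s.strip() for s in pair.partition("="))
        if name.startswith("$"):   # $Version, $Path, $Domain are not audited here
            continue
        verdict = ("token" if is_token(value)
                   else "quoted-string" if QUOTED.fullmatch(value)
                   else "invalid: needs quoting")
        report.append((name, value, verdict))
    return report

# Cookie header copied from the request quoted in the thread.
REQUEST_COOKIE = ("$Version=0; JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; "
                  "$Path=/; testingcolon=test:test:test")

if __name__ == "__main__":
    for row in audit_cookie_header(REQUEST_COOKIE):
        print(row)
```
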