tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Issue reading a cookie having a colon in the value . Is this a bug in Tomcat 6.0.32 ?
Date Thu, 10 Feb 2011 16:28:48 GMT

Reinwald,

On 2/9/2011 2:49 AM, Reinwald Warapen wrote:
> On 2/9/2011 1:15 AM, Mark Thomas wrote:
>> I don't see any non-spec compliant behaviour here, just a broken user
>> agent.
>
> I don't think all the user agents are broken, because this happened on IE
> 8, Firefox 3.6, Chrome 9 and JMeter. I've even attached the logs and
> test project for your reference. If you still don't think it's a problem
> then thanks for the help.

The cookie and HTTP spec say that a cookie value cannot contain an
unquoted value containing a ":", and that's exactly what you've got, there.

See:
http://www.faqs.org/rfcs/rfc2965.html Sections 3.1 and 3.3.4
and
http://www.faqs.org/rfcs/rfc2616.html Section 2.2 (specifically see the
definition of "token").

>     // Raw Response
>         HTTP/1.1 200 OK
>         Server: Apache-Coyote/1.1
>         Set-Cookie: JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; Path=/
>         Set-Cookie: testingcolon="test:test:test"; Version=1

Note the quoted value and version number of "1".

> B)Next Request
> 
>     //Raw Request
>         GET http://localhost:8081/index.jsp HTTP/1.1
>         Connection: close
>         Cookie: $Version=0; JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; $Path=/; testingcolon=test:test:test

Note the unquoted value and the version of "0".

This looks like a broken user agent to me.

-chris

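The "token" rule from RFC 2616 Section 2.2 that the reply points to can be checked mechanically. The following Python sketch is an added example, not part of the original message and not Tomcat's code; the function names are hypothetical. It classifies each cookie value in a Cookie header as a token, a quoted-string, or an invalid unquoted value, and quotes a value for Set-Cookie when it is not a token.

```python
# Added example (not from the original message or from Tomcat's source).
# Function names are hypothetical; the grammar is RFC 2616 Section 2.2.
import re

# separators from RFC 2616 Section 2.2, including SP and HT
SEPARATORS = set('()<>@,;:\\"/[]?={} \t')

def is_token(value):
    """True if value is a non-empty token: US-ASCII, no CTLs, no separators."""
    return bool(value) and all(
        0x20 < ord(c) < 0x7F and c not in SEPARATORS for c in value)

def quote_if_needed(value):
    """Return value unchanged if it is a token, else as a quoted-string."""
    if is_token(value):
        return value
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'

# name = value, where value is a quoted-string or everything up to the next ';'
PAIR_RE = re.compile(r'\s*([^=;,\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')
QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')

def audit_cookie_header(header):
    """Classify each cookie value in a Cookie header value string."""
    results = []
    for m in PAIR_RE.finditer(header):
        name, raw = m.group(1), m.group(2).strip()
        if name.startswith('$'):      # $Version, $Path: attributes, not cookies
            continue
        if QUOTED_RE.fullmatch(raw):
            verdict = 'quoted-string'
        elif is_token(raw):
            verdict = 'token'
        else:
            verdict = 'invalid-unquoted'
        results.append((name, raw, verdict))
    return results

if __name__ == '__main__':
    # Cookie header copied from the request quoted in the message
    request = ('$Version=0; JSESSIONID=DCA96AF717EBF0D2506A959CE415FA70; '
               '$Path=/; testingcolon=test:test:test')
    for row in audit_cookie_header(request):
        print(row)
    print(quote_if_needed('test:test:test'))
```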