tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: cookie issue with Tomcat 7 - does not accept the character "é"
Date Sun, 02 Feb 2014 20:00:09 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kevin,

On 2/2/14, 2:31 PM, Callinswood,Kevin,VEVEY,GLOBE BTC wrote:
> We have upgraded to Tomcat 7 from Tomcat 6 and we are now facing 
> issues due to some of the standard company cookies containing an
> "é".
> 
> Tomcat 6 accepted the "é" but upgrading to Tomcat 7 we get an
> error if the "é" is any parameter except for the 1st position.

What you do mean "any parameter except for the 1st position"? You said
this was about cookies...

> The error received is:
> 
> SEVERE: Error processing request 
> java.lang.IllegalArgumentException: Control character in cookie
> value or attribute.

Can you give a protocol dump including byte-translation? For example,
é is usually expressed as 0xc9 and appears in ISO-8859-1 as a single
byte. Since it's in the top-half of the ISO-8859-1 character set,
UTF-8 requires that it be represented by two bytes: 0xc3 0xa9

Without quoting, unquoted Cookie names and values may be any US-ASCII
character from 0x32 - 0x7e except for any of ("(" | ")" | "<" | ">" |
"@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{"
| "}" | SP | HT). None of the characters above are within that range,
so the cookie value must be quoted. (It looks to me like Cookie names
must always be in US-ASCII... I didn't think that was the case but I'm
not motivated to track-down every word of the spec looking for
justification).

What is the character encoding of the request? What client are you
using? Who created the cookie in the first place?

> I have tried playing around with the parameters in the 
> catalana.properties file but with no success.  Is there a way to 
> remove all checking of cookies ?

Tomcat has become more standards-strict in version 7. This page should
give you a bit of insight, though it is quite technical:
http://wiki.apache.org/tomcat/Cookies

> Possible solutions are to revert to Tomcat 6, change web server,
> or encode the cookies.  We are planning a go-live a week from now
> so reverting to Tomcat 6 seems to be the solution in the short
> term.

You decided to start testing with a new major application server
version 1 week before deployment? Hmm. Sounds like using Tomcat 6 is
the right short-term move. You really need to identify the problem,
though: it's only going to get worse.

Now, if you had Tomcat 6 create those cookies and the client is
sending them back tom Tomcat 7, then you may want to expire those old
cookies and see what a Tomcat 7 roundtrip looks like. Tomcat 7 may be
more properly encoding the cookies in the first place, solving the
problem before it begins.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS7qPGAAoJEBzwKT+lPKRYmeEP/A8O5vxtTJ2dnQnQn6dzkNv7
g+YSx8c1Va1QkHlZe1vUefUlZJ1SkzFivbmyTX3TFsKI8wDPNOWRjJusHxDKnIjl
URpeCew8/1vUWtuN1xvCXO4OWE5UdPRktmKn+aO4anuKvZGrl7OnEMXx0Ans4U9k
6SLYcYkT8rnwjrwyp5/xoc8hEaUWRHQZCNAaU1//OC0OFV+MLiL2IgVucg8CdvIk
v/z5DxIvGvhTkHBzWztlOku6l43yyJMEs8XsYPGwOgAY4KYu1vDLMBtDq3HZ9Coz
mSX3ytGrth3XAJbPdcopYcVU96XFEtOPwvBcGU+GEVf2Gc0C1GWE1ZVntwlTAbvD
TBISsjzuOouI/6LjjdCAUnHNBjnHGv0vk0R3CFXu4igxDKM/2CrBA/keJ7IUYQku
dB/y4hsNPkQ4wHJVLof7l+bYI6TbzS6xVpR3QPwlmVub0mRiYND4kcnDYrf21SFU
hsAewZyRGxk41pM/Y5e0Ep1tCqVbgMn76nwuhmL07YLnkY7+75LMVJgnT2HA4ZXh
SUwB2zp4qa43baQ0T+iAe6a1wEPRjdlV2PKeHlFv1u304HG8Ke4bB6QBQWlWDXYr
lqiqMetQNrkKK6WXmGkvkXnu736EGizeMY/D+C7RFPb5i+7ejsX/nMV5C6nHrZM9
xX9SxRXlZkABNFwV+8kg
=0leN
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message