tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Webapp with underscore in it's name leads to failed session-cookies
Date Fri, 24 Jun 2016 15:22:23 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 6/22/16 6:58 AM, Mark Thomas wrote:
> On 22/06/2016 11:29, Mark Thomas wrote:
>> On 22/06/2016 09:28, Markus Näher wrote:
> 
>>> In the web console of firefox, I could see that the session
>>> cookie was set with the path /jsf%5ftest, while other cookies
>>> (set by myfaces) were correctly set with the path /jsf_test. It
>>> looks like firefox treats /jsf_test and /jsf%5ftest as
>>> different pathes and therefore does not send the session cookie
>>> with the next request, while chromium ignores the difference.
>> 
>> I see a similar issue if I rename the examples web application
>> to "exa_mples". It shouldn't take me too long to figure out where
>> things are going wrong.
> 
> Tomcat is correctly setting the path for the session cookie as
> "/exa_mples"
> 
>> I'll keep that in mind once I figure out the root cause. It may
>> impact how we fix this.
> 
> The problem is that FireFox, by default, encodes all URIs and
> doesn't take account of the encoding when matching URIs to cookie
> paths. Failing to account for encoding looks like a FireFox bug to
> me.
> 
> A possible work-around is to disable the automatic encoding of URLs
> that FireFox provides by setting network.standard-url.encode-utf8
> to false under about:config.
> 
>>> Unfortunately, my real-world productive project has an
>>> underscore in it's name too, but as many users have bookmarked
>>> it, I can't just rename it.
>>> 
>>> Is this a bug in tomcat ?
>> 
>> At this point I'd say it is likely but until I dig into this to
>> figure out exactly what the root cause is, I can't be sure.
> 
> No, it is a FireFox bug. And a long standing one at that. 
> https://bugzilla.mozilla.org/show_bug.cgi?id=665851

Something doesn't smell right, here.

I've been using Mozilla Firefox and Tomcat together for ... ever and
my primary web application used for development is called
"cschultz-[product]" (note the hyphen). I have never ever had any
issues with that hyphen bring broken anywhere along the way. (I'm not
sure I've tried an underscore... I could try that). Here are my
relevant settings from about:config:

network.standard-url.encode-utf8;true
network.standard-url.escape-utf8;true

Does this only effect underscores?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXbVAvAAoJEBzwKT+lPKRYcC4QAJ9vK+NvkJCTDKfW80BaLZSO
j7jXWgbMf9rOTGfV7BSD+seBcId2ixJjOjod2yNJJ21d83BXbdPFGP96staRTt3v
8TOB/42WBIlfMt+CHvI/ltVBUsQ644so55qy6HrQcBO9yjVJiy3mzyJMTjAjLGZW
nGvnZm4enUGqPqiPgY26TRxOR9toNpH9mq4qHQdSM+vesLnB7t0C2pNt0v5Wj3Og
Nr6g8GIWN0czA8eClUp8I4PQP/ZCEs5o8lbkBo9MCmz7H0uijEIfI7R0uDE2ptWy
pZ8N7a4kv/8LHZdShGQJ/RSUDVTb3dbaI2rfpOfKmKEVmt3LSEgHNb6N+DB64KLW
qMXhiKqiSqi2UUOgOZvbBmfpcDFPEd7uYTnHzXjojeOsKxF5jtVxpgEGrWTcTY9t
F3BdVk5PuYUZTAI3fpOT5CuAHfZ8hThi7ouWiIjo9LlYBq8senEXteXwTvZnfJGc
rsOq7ADHQX1T7MQjrH7qqIfSeXb0ekaucRubp2uXH6WSZ7kbGmssUc5M/ZTEOcWu
NJr+XXHKyp7+8ubBgTWZLRVnl1ZrMLAQMklIEj3TbURYUlSQTKDLkwGHHDyFNZck
mamDfoiu/zSbOn6ocuoDBm0UXfK24FDbf/Ega7Y7V+ChFuKPLKdf8pUNPGkuqBmA
Q8lPLYh11HWvayvXTP50
=TobU
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message