On 2010-07-24 11:13:50, Nirgal Vourgère wrote:
> I had a quick look at rfc 2109, and I couldn't find a place where it
> says "it MUST not be quoted".
> Where did you get that information?

AFAIK from the Apache website (or maybe PHP). There was something about
Socket programming and direct interfacing.

> My problem is when the value is a quoted-string.

But quotes should normally be ignored if NOT escaped.

> I encountered that problem with my bank website.
> https://www.coopanet.com/banque/sso/co/connexion.do

I have checked the Bank but Firefox/Iceweasel does not save the QUOTES
because there are no quotes.

----[ command 'curl -i https://www.coopanet.com/banque/sso/co/connexion.do']--
HTTP/1.1 200 OK
Date: Sat, 24 Jul 2010 20:54:52 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 (build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141202)/JBossWeb-2.0
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: ARPTCN=YQIOZISensor_CNCKQMU; path=/
Set-Cookie: JSESSIONID=3D92743654D368BFAA2BB115F7B8EFE6; Path=/
Set-Cookie: ccsite=C; Path=/
Cache-Control: max-age=0
Expires: Sat, 24 Jul 2010 20:54:52 GMT
Vary: Accept-Encoding,User-Agent
Duration: D=16597 microseconds
Set-Cookie: TS5acdf8=2055ce8fe8a61f1cfceb6b38d8dc79cbcf1338b9380bdff34c4b53148481163c0b6f0b5ecd83b3d73a91194f; Max-Age=900; Path=/
Transfer-Encoding: chunked
------------------------------------------------------------------------

----[ command 'wget -S -O /dev/null https://www.coopanet.com/banque/sso/co/connexion.do']--
HTTP/1.1 200 OK
Date: Sat, 24 Jul 2010 20:47:25 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP06 (build: SVNTag=JBPAPP_4_3_0_GA_CP06 date=200907141202)/JBossWeb-2.0
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: ARPTCN=YQIOZISensor_CNCKQMU; path=/
Set-Cookie: JSESSIONID=02017D8114FA53CEF6EF2953DCEB1B2F; Path=/
Set-Cookie: ccsite=C; Path=/
Cache-Control: max-age=0
Expires: Sat, 24 Jul 2010 20:47:25 GMT
Vary: Accept-Encoding,User-Agent
Duration: D=17062 microseconds
Connection: close
Set-Cookie: TS5acdf8=24f6e1c282513aa2411dbdb34ed57d7adf58a6fd2325e35b4c4b51558481163c0b6f0b5ecd83b3d73a91194f; Max-Age=900; Path=/
------------------------------------------------------------------------

I can even connect with "telnet-ssl" and there are NO quotes around the
COOKIES. However, the Server is the last crap! Is it on a Dial-Up?

> I have no idea what software they are using, and obviously I'll not
> post my login/password here.
> The error is that I cannot login.

Ehm, you are using WGET on a bank account to login? You are suspect!
If I was the owner/sysadmin of the bank, I would call this a hack
attempt or something like this because it is definitely not normal to
use WGET to connect to a bank site and log in. On some of my websites,
unknown USER_AGENT strings would immediately trigger an alarm.

> Maybe the way they analyze the cookie value, and their quotes, is not
> in the best practices, but I will not contact them about that, while
> other http clients work fine.
>
> I spent a full day pinpointing the error to the missing quotes.
> Believe me, this is what causes the problem.

:-D

> Allow me to disagree with you.
> I tried curl and iceweasel, and both work ok with that website. And
> they do not remove the quotes when there are some.
> It would have saved me some time if I had known about that earlier.

How, how do you access the site? I was accessing the site using wget
and it works (I used the /demo/ directory) and it accepted my cookies I
send back...

> If, as you suggest, "there is nothing in the specification which
> require quotes", why not store it as the first character of the
> value? I guess that's what other http clients do.

COOKIES are stored as they are... and there are no quotes.

> Peace

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
Debian GNU/Linux Consultant
Development of Intranet and Embedded Systems with Debian GNU/Linux
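
The point in dispute in this thread, as an added example that is not part of the original message and is not code from wget, curl or the site: a client that stores a quoted-string cookie value verbatim sends back something different from a client that strips the surrounding quotes. The `pref` cookie, the function names and the byte-for-byte server check are assumptions made for illustration; only the `ccsite=C` header is taken from the output above.

```python
# Added example; not code from wget, curl or the site discussed in the thread.
# First header is taken from the curl output above, second one is constructed.
SAMPLE_HEADERS = [
    "Set-Cookie: ccsite=C; Path=/",
    'Set-Cookie: pref="a;b c"; Path=/',  # constructed quoted-string value
]

def parse_set_cookie(line):
    """Return (name, value) with the value kept exactly as the server sent it."""
    field, _, rest = line.partition(":")
    if field.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header")
    name, sep, tail = rest.strip().partition("=")
    if not sep:
        raise ValueError("missing '=' in cookie pair")
    if tail.startswith('"'):
        # quoted-string: scan to the closing quote, skipping backslash escapes,
        # so a ';' inside the quotes does not end the value
        i = 1
        while i < len(tail) and tail[i] != '"':
            i += 2 if tail[i] == "\\" else 1
        if i >= len(tail):
            raise ValueError("unterminated quoted-string")
        return name.strip(), tail[:i + 1]
    return name.strip(), tail.split(";", 1)[0].strip()

def quoted_names(jar):
    """Names of cookies whose stored value is a quoted-string."""
    return [n for n, v in jar if len(v) >= 2 and v[0] == v[-1] == '"']

def cookie_header(jar, strip_quotes=False):
    """Build the request header; strip_quotes models a client that drops the quotes."""
    pairs = []
    for name, value in jar:
        if strip_quotes and name in quoted_names(jar):
            value = value[1:-1]
        pairs.append(f"{name}={value}")
    return "Cookie: " + "; ".join(pairs)

def strict_server_accepts(request_line, issued):
    """Hypothetical server that compares the returned cookies byte for byte."""
    return request_line == cookie_header(issued)

if __name__ == "__main__":
    jar = [parse_set_cookie(h) for h in SAMPLE_HEADERS]
    print("quoted:", quoted_names(jar))
    for strip in (False, True):
        line = cookie_header(jar, strip_quotes=strip)
        print(line, "->", strict_server_accepts(line, jar))
```

Run against the headers quoted in the message, `quoted_names` returns an empty list, which is the check Michelle describes; the two clients only diverge when a value actually arrives quoted.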