https://bz.apache.org/bugzilla/show_bug.cgi?id=60788
Bug ID: 60788
Summary: Cookies value contains quotes when the Cookie header
contains $Version=1 and the header's value is enclosed
by quotes
Product: Tomcat 8
Version: 8.5.11
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
Under some rare circumstances it looks like Tomcat-8 is keeping quotes around
Cookie values where it shouldn't. It seems to be associated with the presence of
a $Version=1 token in the request's Cookie header. I noticed this behaviour in
a real world application's log with the following request:
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1; A2 Build/LMY47I)
Cookie: $Version="1"; userId="foo";$Path="/";$Domain="www.example.org"
My application would read "foo" (including quotes) where it actually should
be foo without quotes.
Skimming through RFCs 2109, 2965 and 6265, a value may be enclosed with quotes.
But I'm no expert on this, I just skimmed through the RFCs by looking at the
production rules and searching for the term "quote" to see if there are any
exceptions. For me, this request looks valid and the parsed Cookie value should
not contain quotes.
I created this SSCCE where the tests demonstrate the issue:
https://github.com/spring-projects/spring-boot-issues/pull/63/files
In the tests you can see that it only keeps quotes if the request contains a
$Version=1 token. Without that token, quotes are removed.
As you can see it's a Spring Boot application, but digging through the code, I
couldn't find any Cookie parsing code in Spring. They use the servlet API,
which is effectively provided by an embedded Tomcat-8.5.11.
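
An added illustration (not part of the report, and not Tomcat's or Spring's code): a minimal Python parser for the Cookie header quoted above that treats $Version, $Path and $Domain as RFC 2109 style attributes and strips enclosing quotes from values, which is the result the reporter expects with or without $Version. The function names and the second sample header are assumptions made for this example.

```python
import re

# name "=" (quoted-string | bare value), terminated by ";", "," or end of header.
_PAIR = re.compile(r'\s*([^=;,\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;,]*)\s*(?:[;,]|$)')

# Sample inputs: the header from the report, and a constructed one without $Version.
WITH_VERSION = '$Version="1"; userId="foo";$Path="/";$Domain="www.example.org"'
WITHOUT_VERSION = 'userId="foo"'


def unquote(value):
    """Remove one pair of enclosing double quotes and undo backslash escapes."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return re.sub(r'\\(.)', r'\1', value[1:-1])
    return value


def parse_cookie_header(header):
    """Return (version, cookies); each cookie is a dict with name, value and
    any $Path/$Domain attribute that followed it in the header."""
    version, cookies, pos = 0, [], 0
    while pos < len(header):
        m = _PAIR.match(header, pos)
        if m is None:
            break  # malformed remainder: stop instead of guessing
        pos = m.end()
        name, value = m.group(1), unquote(m.group(2))
        if name.lower() == '$version':
            version = int(value) if value.isdigit() else 0
        elif name.startswith('$'):
            if cookies:  # attribute belongs to the preceding cookie
                cookies[-1][name[1:].lower()] = value
        else:
            cookies.append({'name': name, 'value': value})
    return version, cookies


def cookie_value(header, name):
    """Value of the first cookie called `name`, or None if it is absent."""
    for cookie in parse_cookie_header(header)[1]:
        if cookie['name'] == name:
            return cookie['value']
    return None


if __name__ == '__main__':
    for header in (WITH_VERSION, WITHOUT_VERSION):
        print(parse_cookie_header(header))
```

A check of this kind can sit in an application's tests so that a change in how the container unquotes cookie values is noticed before an identifier such as userId is compared or logged with stray quotes.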