Ok, now I see why it fails with '=' char - but is there any way to make Tomcat backward-compatible (e.g. with some System property, which I've noticed proposed in some posts)?
The problem is that in our company we've got a common login web app, which authenticates users and sets a domain-wide cookie for single sign on - this cookie contains = chars, and unfortuntaly I don't control the way how it's set (it doesn't have version 1 indicator). Then, my web app (running on Tomcat) needs to fetch value of this cookie properly to verify user's authentication - which worked fine till now, but on 5.5.26 the returned cookie value is truncated. Can this be worked around somehow? Kind regards, Blazej Marcinek -----Original Message----- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 19, 2008 3:22 PM To: Tomcat Developers List Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26 they're not broken, read the servlet spec http://marc.info/?t=120253944500001&r=1&w=2 Filip Marcinek, Blazej wrote: > Hi, > > I've just tried running Tomcat 5.5.26 and I've noticed a problem with > Cookie handling (though I'm not sure on which side it should be > corrected). > > In our application we use cookies containing '=' (equals) characters in > values - this used to work until now, but fails on 5.5.26. > I've ran a little investigation and it appears that setting cookie with > = chars in value works fine (cookie is set properly with full value), > but when obtaining the cookie value later (via request.getCookies()... > getValue() sequence), the returned cookie value is truncated at the > first = character inside. > > I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP > monitor that cookie was properly sent to browser, and again to server in > following request (with full "a=b" value) - but the getValue() method > returns "a" instead. > > Since the addCookie() works (and sets the value without complaining), > the latter truncation in get Value() looks like a bug in cookie parser. > Can anyone confirm this? > > Kind regards, > > Blazej Marcinek > > > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date: 2/18/2008 6:49 PM > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
