http://svn.apache.org/viewvc?view=rev&revision=627743 (ServerCookie.java)
Filip
Marcinek, Blazej wrote:
Ok, now I see why it fails with '=' char - but is there any way to make
Tomcat backward-compatible (e.g. with some System property, which I've
noticed proposed in some posts)?
The problem is that in our company we've got a common login web app,
which authenticates users and sets a domain-wide cookie for single sign
on - this cookie contains = chars, and unfortuntaly I don't control the
way how it's set (it doesn't have version 1 indicator). Then, my web app
(running on Tomcat) needs to fetch value of this cookie properly to
verify user's authentication - which worked fine till now, but on 5.5.26
the returned cookie value is truncated. Can this be worked around
somehow?
Kind regards,
Blazej Marcinek
-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 19, 2008 3:22 PM
To: Tomcat Developers List
Subject: Re: Cookie handling issue (bug?) in Tomcat 5.5.26
they're not broken, read the servlet spec
http://marc.info/?t=120253944500001&r=1&w=2
Filip
Marcinek, Blazej wrote:
Hi,
I've just tried running Tomcat 5.5.26 and I've noticed a problem with
Cookie handling (though I'm not sure on which side it should be
corrected).
In our application we use cookies containing '=' (equals) characters
in
values - this used to work until now, but fails on 5.5.26.
I've ran a little investigation and it appears that setting cookie
with
= chars in value works fine (cookie is set properly with full value),
but when obtaining the cookie value later (via request.getCookies()...
getValue() sequence), the returned cookie value is truncated at the
first = character inside.
I.e. if I set the cookie "tmp" with value "a=b", I can see on HTTP
monitor that cookie was properly sent to browser, and again to server
in
following request (with full "a=b" value) - but the getValue() method
returns "a" instead.
Since the addCookie() works (and sets the value without complaining),
the latter truncation in get Value() looks like a bug in cookie
parser.
Can anyone confirm this?
Kind regards,
Blazej Marcinek
------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.20.7/1286 - Release Date:
2/18/2008 6:49 PM
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
