https://issues.apache.org/bugzilla/show_bug.cgi?id=44679
--- Comment #5 from David Lewis <[EMAIL PROTECTED]> 2008-03-29 22:13:51 PST --- Bug 44705 has been listed as a duplicate of this bug - but I am unsure that this is the case ... According the the specification for version 0 (or Netscape) cookies (reference: http://wp.netscape.com/newsref/std/cookie_spec.html) - the NAME=VALUE portion of a cookie "is a sequence of characters excluding semi-colon, comma and white space". The issue that I have been experiencing with Tomcat 5.5.26 if the cookie NAME name contains a colon (":"), the portion of the name that prefixes the colon remains, but the value for the cookie is an empty string. Simply put - colons are valid characters for version 0 and version 1 (RFC 2109/RFC 2965) cookies. Below is a reproducible example of the problem. It is important to note that the cookies are initially sent to the Web browser as version 1 cookies, however when the browser send the cookies back to Tomcat when a request is made, they only contain the NAME-VALUE component. Essentially, Tomcat has no way to inherently "know" what version of cookie has been sent. Tomcat 5.5.25 and earlier: -------------------------- HTTP request contains header: Cookie: JSESSIONID=87C7E668C6C15E2556C0977F6EAA9F4C; NFIS:profile=lang=en; DACS:NFIS:NRCAN:dlewis=usjp1tigSqakP8BnWv * When the HttpServletRequest.getCookies() is called, a Cookie[] is returned: Cookie: name="JSESSIONID", value="J87C7E668C6C15E2556C0977F6EAA9F4C" Cookie: name="NFIS:profile", value="lang:en" Cookie: name="DACS:NFIS:NRCAN:dlewis", value="usjp1tigSqakP8BnWv" Tomcat 5.5.26: -------------- HTTP request contains header: Cookie: JSESSIONID=87C7E668C6C15E2556C0977F6EAA9F4C; NFIS:profile=lang=en; DACS:NFIS:NRCAN:dlewis=usjp1tigSqakP8BnWv * When the HttpServletRequest.getCookies() is called, a Cookie[] is returned: Cookie: name="JSESSIONID", value="J87C7E668C6C15E2556C0977F6EAA9F4C" Cookie: name="NFIS", value="" Cookie: name="DACS", value="" This issue "breaks" many of the cookies that we use with our applications. The only solution (for now) is to use Tomcat 5.5.25. --- When is the next Tomcat 5.5.x slated for release? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
