Re: Possibly found a bug in Tomcat

Sat, 26 Jul 2008 09:50:31 -0700

I believe you should be able to quote the value to put in invalid chars in there 

Filip

Hendrik Helwich wrote:

Hello Filip,

i think you are right, OpenSSO does create an invalid cookie.
I first read the following:

"This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended,
though no encoding is defined or required."

on
http://209.85.135.104/search?q=cache:W6VJIqv-__MJ:wp.netscape.com/newsref/std/cookie_spec.html

but now i found the actual specification
http://www.w3.org/Protocols/rfc2109/rfc2109
and
http://www.w3.org/Protocols/rfc2068/rfc2068
which does not allow the following characters in the cookies value:

          tspecials      = "(" | ")" | "<" | ">" | "@"
                         | "," | ";" | ":" | "\" | <">
                         | "/" | "[" | "]" | "?" | "="
                         | "{" | "}" | SP | HT


Thanks,

Hendrik



Filip Hanik - Dev Lists schrieb:

that looks like an invalid cookie to me, = is a delimiter, so a proper
parser would end when it hits the 2nd =

Filip

Hendrik Helwich wrote:

Hello tomcat developers,

i tried to integrate OpenSSO (https://opensso.dev.java.net/) with
liferay (http://www.liferay.com), which is a web-application which is
recommended to run in Tomcat 5.5.
It does not work and i found out, that it is a cookie problem.

In the request a cookie is send:
[EMAIL PROTECTED];


But in the corresponding instance of javax.servlet.http.Cookie the
value is:
AQIC5wM2LY4SfcyGIL7gS99bMIQ5i2cP7jYw2bFMCztKUw0

The end of the value is missing and it seems there is a bug in
Cookie-Parser.

I tried to figure it out by myself and followed the instructions on
http://tomcat.apache.org/tomcat-6.0-doc/building.html
to build tomcat, but i got an error while executing "ant download"  (log
is appended).
My Java version is 1.6.0_01-b06.

Can you help or give me a hint?

Thanks
Hendrik
------------------------------------------------------------------------ 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to