https://issues.apache.org/bugzilla/show_bug.cgi?id=46125
Summary: Setting large cookies in the request causes Tomcat to
abort the connection
Product: Tomcat 6
Version: 6.0.18
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: [EMAIL PROTECTED]
It is possible to store too many cookies, or cookies that are too large for the
header to properly carry. That's not good web programming, but still, it is
quite common when one is using a JS framework.
If such a set of cookies is constructed and sent to Tomcat as part of a
request, Tomcat panics and simply aborts the connection. This leads to a blank
screen with no source code on the client's browser. Or, it leads to a cryptic
error, like Safari's infamous "CFErrorDomainCFNetwork error 302" that drives
many a newsgroup to tears trying to figure out what is going wrong with the
server.
Expected: return a '400 Bad Request error' like apache does. That would help
the user know what is wrong with the request and help find a better resolution
to the condition.
I am attaching an HTML file that demonstrates this bug. Please run it in Tomcat
and Apache as a comparison. I believe Apache handles the situation correctly.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
