https://issues.apache.org/bugzilla/show_bug.cgi?id=51138
Bug #: 51138
Summary: Cookies with colons in the cookie value are read
incorrectly
Product: Tomcat 7
Version: 7.0.12
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: Catalina
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
In my browser I have a cookie with the following name and value
name : _mkto_trk
value : id:096-SLE-656&token:_mch-localhost-1304194663326-22461
When i try the read this cookie via (HttpServletRequest.getCookies() i will
find the cookie but it's value will be id instead of
id:096-SLE-656&token:_mch-localhost-1304194663326-22461
this is incorrect
This issue seems to have been previously raised on the tomcat-user mailing list
http://old.nabble.com/Issue-reading-a-cookie-having-a-colon-in-the-value-.-Is-this-a-bug-in-Tomcat-6.0.32---td30876300.html
Where tomcat committer Christopher Schultz blamed the issue on broken user
agents citing portions of the rfc2965 spec. While that is in fact true, no
major browser besides opera ever implemented RFC 2965 (see also the discussion
at https://bugzilla.mozilla.org/show_bug.cgi?id=610218#c11)
The following draft most accurately descibes the current status quo
http://tools.ietf.org/html/draft-ietf-httpstate-cookie-23
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
