DO NOT REPLY [Bug 99] Tomcat reports 'out of memory error' BugRat Report#89

2008-03-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=99


Mark Thomas <[EMAIL PROTECTED]> changed:

   What|Removed |Added

 Depends on|44615   |




-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



svn commit: r637784 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 01:37:42 2008
New Revision: 637784

URL: http://svn.apache.org/viewvc?rev=637784&view=rev
Log:
Cast my votes.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=637784&r1=637783&r2=637784&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 01:37:42 2008
@@ -119,12 +119,12 @@
 
 * As an alternative to the above patch, I propose:
   http://people.apache.org/~markt/patches/2008-03-15-cookie-path.patch
-  +1: markt, remm
+  +1: markt, remm, jfclere
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562
   http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up)
   http://svn.apache.org/viewvc?rev=635297&view=rev (the actual fix)
-  +1: markt, remm
+  +1: markt, remm, jfclere
   -1:
 
 * Fix minor HttpServlet bug. Use localised error message.
@@ -134,7 +134,7 @@
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44558
   http://svn.apache.org/viewvc?rev=635304&view=rev
-  +1: markt, remm
+  +1: markt, remm, jfclere
   -1:
 
 * Add system property docs






svn commit: r637796 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 02:09:17 2008
New Revision: 637796

URL: http://svn.apache.org/viewvc?rev=637796&view=rev
Log:
Arrange doc.

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=637796&r1=637795&r2=637796&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Mar 17 02:09:17 2008
@@ -38,8 +38,6 @@
   ExtendedAccessLogValve cs-uri not print empty querystring (pero)
   
  
-  
-  
 
   
 ServletContext.getResource("noslash/resource") only requires forward 
slash if STRICT_SERVLET_COMPLIANCE






svn commit: r637810 - /tomcat/trunk/webapps/docs/ssl-howto.xml

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 02:59:15 2008
New Revision: 637810

URL: http://svn.apache.org/viewvc?rev=637810&view=rev
Log:
Add SSLRandomSeed documentation.

Modified:
tomcat/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=637810&r1=637809&r2=637810&view=diff
==
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Mon Mar 17 02:59:15 2008
@@ -282,11 +282,11 @@
 
 If you are using APR, you have the option of configuring an alternative 
engine to openSSL.
 
-
+
 
 The default value is
 
-
+
 
 So to use SSL under APR, make sure the SSLEngine attribute is set to something 
other than off.
 The default value is on and if you specify another value, it has 
to be a valid engine name.
@@ -295,6 +295,9 @@
 
 
 
+SSLRandomSeed allows to specify a source of entropy. Productive system needs a 
reliable source of entropy
+but entropy may need a lot of time to be collected therefore test systems 
could use no blocking entropy
+sources like "/dev/urandom" that will allow quickier starts of Tomcat.
 
 
 
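Review bot: the added SSLRandomSeed paragraph needs a wording pass: "Productive system needs" should read "Production systems need", "no blocking" should be "non-blocking", and "quickier" is a typo for "quicker". It also names a source for test systems ("/dev/urandom") but does not say what a production system should set or what is used when the attribute is omitted; add both so the test setting is not copied into production by default.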






svn commit: r637817 - /tomcat/trunk/webapps/docs/ssl-howto.xml

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 03:07:03 2008
New Revision: 637817

URL: http://svn.apache.org/viewvc?rev=637817&view=rev
Log:
Typo.

Modified:
tomcat/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=637817&r1=637816&r2=637817&view=diff
==
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Mon Mar 17 03:07:03 2008
@@ -297,7 +297,7 @@
 
 SSLRandomSeed allows to specify a source of entropy. Productive system needs a 
reliable source of entropy
 but entropy may need a lot of time to be collected therefore test systems 
could use no blocking entropy
-sources like "/dev/urandom" that will allow quickier starts of Tomcat.
+sources like "/dev/urandom" that will allow quicker starts of Tomcat.
 
 
 






svn commit: r637793 - in /tomcat/tc6.0.x/trunk: STATUS.txt test/build.xml test/org/apache/catalina/tomcat/util/http/TestCookies.java webapps/docs/changelog.xml

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 02:03:05 2008
New Revision: 637793

URL: http://svn.apache.org/viewvc?rev=637793&view=rev
Log:
Arrange the cookie tests.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/test/build.xml

tomcat/tc6.0.x/trunk/test/org/apache/catalina/tomcat/util/http/TestCookies.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=637793&r1=637792&r2=637793&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 02:03:05 2008
@@ -28,11 +28,6 @@
 PATCHES ACCEPTED TO BACKPORT:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-* Add tests for the cookie parsing and use package 
org.apache.catalina.tomcat.util.http
-  http://people.apache.org/~jfclere/patches/test_cookies.patch2
-  +1: jfclere, fhanik, markt
-  -1:
-
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 

Modified: tomcat/tc6.0.x/trunk/test/build.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/test/build.xml?rev=637793&r1=637792&r2=637793&view=diff
==
--- tomcat/tc6.0.x/trunk/test/build.xml (original)
+++ tomcat/tc6.0.x/trunk/test/build.xml Mon Mar 17 02:03:05 2008
@@ -28,6 +28,7 @@
   
 
   
+  
 
   
   
@@ -61,7 +62,7 @@
 
   
  
-
+
 
 
 

Modified: 
tomcat/tc6.0.x/trunk/test/org/apache/catalina/tomcat/util/http/TestCookies.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/test/org/apache/catalina/tomcat/util/http/TestCookies.java?rev=637793&r1=637792&r2=637793&view=diff
==
--- 
tomcat/tc6.0.x/trunk/test/org/apache/catalina/tomcat/util/http/TestCookies.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/test/org/apache/catalina/tomcat/util/http/TestCookies.java 
Mon Mar 17 02:03:05 2008
@@ -15,6 +15,8 @@
  *  limitations under the License.
  */
 
+package org.apache.catalina.tomcat.util.http; 
+
 import org.apache.tomcat.util.http.Cookies;
 import org.apache.tomcat.util.http.ServerCookie;
 
@@ -69,8 +71,8 @@
 test("$Version=1;foo=\"bar\";$Domain=apache.org;$Port=8080;a=b", 
"foo", "bar", "a", "b");
 
 // make sure these never split into two cookies - JVK
-test("$Version=1;foo=\"b\"ar\";$Domain=apache.org;$Port=8080;a=b",  
"foo", "b", "a", "b");
-test("$Version=1;foo=\"b\\\"ar\";$Domain=apache.org;$Port=8080;a=b", 
"foo", "b\\\"ar", "a", "b");
+test("$Version=1;foo=\"b\"ar\";$Domain=apache.org;$Port=8080;a=b",  
"foo", "b", "a", "b"); // Incorrectly escaped.
+test("$Version=1;foo=\"b\\\"ar\";$Domain=apache.org;$Port=8080;a=b", 
"foo", "b\"ar", "a", "b"); // correctly escaped.
 test("$Version=1;foo=\"b'ar\";$Domain=apache.org;$Port=8080;a=b", 
"foo", "b'ar", "a", "b");
 // JFC: sure it is "b" and not b'ar ?
 test("$Version=1;foo=b'ar;$Domain=apache.org;$Port=8080;a=b", "foo", 
"b", "a", "b");
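Review bot: the trailing comments on the two changed test() calls say only "Incorrectly escaped." and "correctly escaped." without stating what the parser is expected to do; spell out that an unescaped quote ends the value at b and the rest is discarded, and that \" inside a quoted value is unescaped to b"ar. The second expectation changes from b\\\"ar to b\"ar while this commit touches only tests, the build file and docs, so the log or the comment should name the parser change this expectation relies on.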
@@ -113,8 +115,28 @@
 
 
 test("foo;a=b;;\\;bar=rab", "foo", "", "a", "b", "bar", "rab");
+
+// Try all the separators of version1 in version0 cookie.
+// Won't work we only parse version1 cookie result 1 cookie.
+test("a=()<>@:\\\"/[]?={}\t; foo=bar", "foo", "bar");
+
+// Test the version.
+test("$Version=1;foo=bar", 1);
+test("$Version=0;foo=bar", 0);
 }
 
+public static void test( String s, int val ) throws Exception {
+System.out.println("Processing [" + s + "]");
+Cookies cs=new Cookies(null);
+cs.processCookieHeader( s.getBytes(), 0, s.length());
+int num = cs.getCookieCount();
+if (num != 1)
+  throw new Exception("wrong number of cookies " + num);
+ServerCookie co = cs.getCookie(0);
+System.out.println("One Cookie: " + co);
+if (co.getVersion() != val)
+  throw new Exception("wrong version " + co.getVersion() + " != " + 
val);
+}
 public static void test( String s ) throws Exception {
 System.out.println("Processing [" + s + "]");
 Cookies cs=new Cookies(null);
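Review bot: in the new test( String s, int val ) helper, cs.processCookieHeader( s.getBytes(), 0, s.length()) passes the character count as the byte length and encodes with the platform default charset. The two agree for the ASCII strings used here but not for a header containing non-ASCII characters; take the byte array once with an explicit charset and pass its length. The comment "Won't work we only parse version1 cookie result 1 cookie." is also hard to follow; say which cookie is dropped and why only foo=bar is expected.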

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=637793&r1=637792&r2=637793&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Mar 17 02:03:05 2008
@@ -91,6 +91,13 @@
   
 
   
+  
+
+  
+ Improve the Tests for unit tests for the cookie issues. (jfclere)
+  
+
+  
 
 
   



---

svn commit: r637867 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/core/AprLifecycleListener.java java/org/apache/tomcat/jni/SSL.java webapps/docs/changelog.xml webapps/docs/ssl-howto

2008-03-17 Thread jfclere
Author: jfclere
Date: Mon Mar 17 05:49:46 2008
New Revision: 637867

URL: http://svn.apache.org/viewvc?rev=637867&view=rev
Log:
Allow to specify the random device to use (with docs).

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=637867&r1=637866&r2=637867&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 05:49:46 2008
@@ -55,13 +55,6 @@
   +0: remm: do we really want to fix these sort of "bugs" ?
   -1:
 
-* Allow to specify the random device to use. (/dev/urandom is faster).
-  http://svn.apache.org/viewvc?view=rev&revision=602114
-  http://svn.apache.org/viewvc?view=rev&revision=601795
-  +1: jfclere, fhanik, remm
-  +0: markt, jim - should really be added to the docs as well
-  -1:
-
 * Revert back to original patch proposed for UTF8 parsing.
   This also fixes the regression for 6.0.16 and 5.5.26 (and possibly 4.1.37) 
mentioned in 
   http://issues.apache.org/bugzilla/show_bug.cgi?id=44494

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?rev=637867&r1=637866&r2=637867&view=diff
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java 
Mon Mar 17 05:49:46 2008
@@ -64,6 +64,7 @@
 
 // -- Properties
 protected static String SSLEngine = "on"; //default on
+protected static String SSLRandomSeed = "builtin";
 protected static boolean sslInitialized = false;
 protected static boolean aprInitialized = false;
 
@@ -204,14 +205,21 @@
  //only once per VM
 return;
 }
-String methodName = "initialize";
+String methodName = "randSet";
 Class paramTypes[] = new Class[1];
 paramTypes[0] = String.class;
 Object paramValues[] = new Object[1];
-paramValues[0] = "on".equalsIgnoreCase(SSLEngine)?null:SSLEngine;
+paramValues[0] = SSLRandomSeed;
 Class clazz = Class.forName("org.apache.tomcat.jni.SSL");
 Method method = clazz.getMethod(methodName, paramTypes);
 method.invoke(null, paramValues);
+
+
+methodName = "initialize";
+paramValues[0] = "on".equalsIgnoreCase(SSLEngine)?null:SSLEngine;
+method = clazz.getMethod(methodName, paramTypes);
+method.invoke(null, paramValues);
+ 
 sslInitialized = true;
 }
 
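Review bot: the result of the reflective randSet call is thrown away, although SSL.randSet is declared in this same commit as returning boolean. Check the value returned by the first method.invoke(null, paramValues) and log or fail initialization when it is false, instead of going on to call initialize and setting sslInitialized = true as if the configured entropy source had been accepted. The added "+ " line also carries trailing whitespace.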
@@ -223,4 +231,11 @@
 this.SSLEngine = SSLEngine;
 }
 
+public String getSSLRandomSeed() {
+return SSLRandomSeed;
+}
+
+public void setSSLRandomSeed(String SSLRandomSeed) {
+this.SSLRandomSeed = SSLRandomSeed;
+}
 }
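Review bot: setSSLRandomSeed assigns through this. to a field declared static (protected static String SSLRandomSeed = "builtin"), so the value is shared by every listener instance, and since the SSL setup above returns early once it has run ("only once per VM"), a value set afterwards has no effect. Say so in a javadoc comment on the setter, and reject null here because the value is handed straight to randSet.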

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java?rev=637867&r1=637866&r2=637867&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/jni/SSL.java Mon Mar 17 
05:49:46 2008
@@ -227,6 +227,12 @@
 public static native int initialize(String engine);
 
 /**
+  * Set source of entropy to use in SSL
+  *  @param filename Filename containing random data
+  */
+public static native boolean randSet(String filename);
+
+/**
  * Add content of the file to the PRNG
  * @param filename Filename containing random data.
  *If null the default file will be tested.
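Review bot: the new javadoc for randSet describes the parameter as "Filename containing random data", but the listener in this commit passes the default "builtin", which is not a filename. Document the accepted values and add an @return line saying what the boolean result means, so callers know a false result has to be handled.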

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=637867&r1=637866&r2=637867&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Mar 17 05:49:46 2008
@@ -57,6 +57,9 @@
   
 
   
+APR: Allow to specify the "random device" to use to collect the 
entropy. (jfclere)
+  
+  
 Fix NIO/SSL live lock during client disconnect (fhanik)
   
   

Modified: tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml?re

[Tomcat Wiki] Update of "FAQ/Logging" by YoderJosiah

2008-03-17 Thread Apache Wiki
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The following page has been changed by YoderJosiah:
http://wiki.apache.org/tomcat/FAQ/Logging

The comment on the change is:
Added Logging Request Example XML

--
  
   * Prior to Tomcat 5.5, Tomcat provided a Logger element that you could 
configure and extend according to your needs. If you are using a Tomcat version 
previous to Tomcat 5.5, make sure to read the 
[http://tomcat.apache.org/tomcat-5.0-doc/config/logger.html Logger 
configuration reference].
   * Starting with Tomcat 5.5, Logger was removed and 
[http://jakarta.apache.org/commons/logging Jakarta Commons-Logging] {{{Log}}} 
is used everywhere in Tomcat. Read the Commons-Logging documentation if you'd 
like to know how to better use and configure Tomcat's internal logging. See 
also [http://tomcat.apache.org/tomcat-5.5-doc/logging.html]
+  * To enable request logging similar to the Apache HTTP server, you may 
include the following line in the server.xml file, in the  tag:
+   
+   This will produce a log file for each day,  such as  
logs/localhost_access_log.2008-03-10.log, containing the files requested, IP 
address of the requester, and similar information.
+ 128.34.123.121 - - [10/Mar/2008:15:55:57 -0500] "GET 
/upload/ClickPoints.jsp HTTP/1.1" 200 2725
+ 
  
  In addition, Tomcat does not swallow the System.out and System.err JVM output 
streams. You may use these streams for elementary logging if you wish, but a 
more robust approach such as commons-logging or 
[http://logging.apache.org/log4j Log4J] is recommended for production 
applications.
  
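Review bot: the sample access-log line added here uses 128.34.123.121, which reads like a real client address; replace it with a documentation address such as 192.0.2.1 so the FAQ does not publish a requester's IP. The added sentence also has doubled spaces ("each day,  such as  logs/...").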




DO NOT REPLY [Bug 44620] New: infinite loop in nio connector code

2008-03-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=44620

   Summary: infinite loop in nio connector code
   Product: Tomcat 6
   Version: 6.0.16
  Platform: PC
OS/Version: Linux
Status: NEW
  Severity: normal
  Priority: P4
 Component: Connectors
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


The code below has a chance to cause Tomcat to enter a dead loop in class
InternalNioOutputBuffer:

    private synchronized void addToBB(byte[] buf, int offset, int length)
            throws IOException {
 -->    while (socket.getBufHandler().getWriteBuffer().remaining() < length) {
            flushBuffer();
        }

when the buffer size of the socket is smaller than length.
The default size of the socket comes from socket.appWriteBufSize, which is 8192;
the value of length is limited by maxHttpHeaderSize, which is 9000. Well, the
chance for a dead loop exists, and it happened.
It can be avoided if we configure the two values correctly in server.xml.



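The loop condition from the report above, modelled with java.nio.ByteBuffer as an added example (not Tomcat's code and not the project's fix): with the 8192-byte buffer and 9000-byte length quoted in the report, flushing can never make remaining() reach length, while a chunked copy terminates. The class and method names, the iteration cap and the flush() stand-in are assumptions of this example.

```java
import java.nio.ByteBuffer;

public class AddToBufferDemo {
    // Values quoted in the report: socket.appWriteBufSize and maxHttpHeaderSize.
    static final int APP_WRITE_BUF_SIZE = 8192;
    static final int HEADER_LENGTH = 9000;

    /** Stand-in for flushBuffer(): pretend the socket accepted every byte. */
    static void flush(ByteBuffer bb) {
        bb.clear();
    }

    /**
     * The loop shape from the report, with an iteration cap added so the demo
     * ends. Returns true when the cap is hit, i.e. the uncapped loop would spin.
     */
    static boolean reportedLoopSpins(ByteBuffer bb, int length, int maxIterations) {
        int iterations = 0;
        while (bb.remaining() < length) {
            if (++iterations > maxIterations) {
                return true;
            }
            flush(bb); // remaining() is now capacity(), which is still < length
        }
        return false;
    }

    /**
     * Chunked copy: never waits for more free space than the buffer can hold.
     * Returns the number of flushes that were needed.
     */
    static int addChunked(ByteBuffer bb, byte[] buf, int offset, int length) {
        int flushes = 0;
        while (length > 0) {
            if (!bb.hasRemaining()) {
                flush(bb);
                flushes++;
            }
            int n = Math.min(length, bb.remaining());
            bb.put(buf, offset, n);
            offset += n;
            length -= n;
        }
        return flushes;
    }

    public static void main(String[] args) {
        ByteBuffer bb = ByteBuffer.allocate(APP_WRITE_BUF_SIZE);
        byte[] header = new byte[HEADER_LENGTH]; // constructed sample input

        System.out.println("reported loop spins: "
                + reportedLoopSpins(bb, HEADER_LENGTH, 1000));

        bb.clear();
        int flushes = addChunked(bb, header, 0, HEADER_LENGTH);
        System.out.println("chunked copy flushes: " + flushes
                + ", bytes still buffered: " + bb.position());
    }
}
```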


DO NOT REPLY [Bug 44423] invalid duplicate listeners warning

2008-03-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=44423


Nikolai Grigoriev <[EMAIL PROTECTED]> changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]







DO NOT REPLY [Bug 43079] pattern verification broken

2008-03-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=43079


Nikolai Grigoriev <[EMAIL PROTECTED]> changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]







svn commit: r638067 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-03-17 Thread fhanik
Author: fhanik
Date: Mon Mar 17 14:09:25 2008
New Revision: 638067

URL: http://svn.apache.org/viewvc?rev=638067&view=rev
Log:
don't think that's the correct way for cookies, question to ask ourselves, if 
not only go by spec and not try to use a backwards workaround using the STRICT 
compliance flag

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638067&r1=638066&r2=638067&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 14:09:25 2008
@@ -108,6 +108,7 @@
 * As an alternative to the above patch, I propose:
   http://people.apache.org/~markt/patches/2008-03-15-cookie-path.patch
   +1: markt, remm, jfclere
+  -1: maybeQuote2 should not be applied to the path, since / is a valid value 
without quotes
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562
   http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up)
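Review bot: the added -1 line gives the reason for the veto but not who cast it, unlike the "+1: markt, remm, jfclere" line directly above; put the committer id before the explanation so the vote can be tallied and the objection followed up.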






Re: svn commit: r634863 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-03-17 Thread Filip Hanik - Dev Lists

Mark Thomas wrote:
> Filip Hanik - Dev Lists wrote:
>> actually, IE only supports quoting of the value for v0 cookies.
>> honestly, I wasn't up for the backwards compatible fix, but since it 
>> turns out that most folks use v0 cookies with v1 values, this is an 
>> evil must.
>>
>> without the below fix, every single JSESSIONID cookie will not work 
>> on IE.
>
> That's not good.
>
> I've looked at this again and the real problem is that maybeQuote2() 
> may change the cookie version but we only check the return value when 
> calling maybeQuote2() for the value. We need to check the return value 
> every time we call maybeQuote2(). I have an alternative patch which 
> I'll add to the status file.

I don't think that we should change the cookie version simply because 
"/" is the path, that doesn't sound right, nor is it required by spec. 
I'd rather just do the switch upon values containing funky 
characters...if at all, and maybe just follow spec, and not allow the 
bad v0 values at all, like the original fix was.


Filip




Re: svn commit: r634863 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-03-17 Thread Mark Thomas

Filip Hanik - Dev Lists wrote:
> Mark Thomas wrote:
>> Filip Hanik - Dev Lists wrote:
>>> actually, IE only supports quoting of the value for v0 cookies.
>>> honestly, I wasn't up for the backwards compatible fix, but since it 
>>> turns out that most folks use v0 cookies with v1 values, this is an 
>>> evil must.
>>>
>>> without the below fix, every single JSESSIONID cookie will not work 
>>> on IE.
>>
>> That's not good.
>>
>> I've looked at this again and the real problem is that maybeQuote2() 
>> may change the cookie version but we only check the return value when 
>> calling maybeQuote2() for the value. We need to check the return value 
>> every time we call maybeQuote2(). I have an alternative patch which 
>> I'll add to the status file.
>
> I don't think that we should change the cookie version simply because 
> "/" is the path, that doesn't sound right, nor is it required by spec.

Very true.

> I'd rather just do the switch upon values containing funky 
> characters...if at all, and maybe just follow spec, and not allow the 
> bad v0 values at all, like the original fix was.

The version switch is activated by a greater set of characters than it 
really needs to be. I should be able to modify my patch to only switch when 
there are characters in a v1 cookie that will cause problems. I'll try and 
look at this tomorrow - it is getting late here ;)


Mark




Re: svn commit: r634863 - /tomcat/tc6.0.x/trunk/STATUS.txt

2008-03-17 Thread Filip Hanik - Dev Lists

Mark Thomas wrote:
> Filip Hanik - Dev Lists wrote:
>> Mark Thomas wrote:
>>> Filip Hanik - Dev Lists wrote:
>>>> actually, IE only supports quoting of the value for v0 cookies.
>>>> honestly, I wasn't up for the backwards compatible fix, but since 
>>>> it turns out that most folks use v0 cookies with v1 values, this is 
>>>> an evil must.
>>>>
>>>> without the below fix, every single JSESSIONID cookie will not work 
>>>> on IE.
>>>
>>> That's not good.
>>>
>>> I've looked at this again and the real problem is that maybeQuote2() 
>>> may change the cookie version but we only check the return value 
>>> when calling maybeQuote2() for the value. We need to check the 
>>> return value every time we call maybeQuote2(). I have an alternative 
>>> patch which I'll add to the status file.
>>
>> I don't think that we should change the cookie version simply because 
>> "/" is the path, that doesn't sound right, nor is it required by spec.
>
> Very true.
>
>> I'd rather just do the switch upon values containing funky 
>> characters...if at all, and maybe just follow spec, and not allow the 
>> bad v0 values at all, like the original fix was.
>
> The version switch is activated by a greater set of characters than it 
> really needs to be. I should be able to modify my patch to only switch 
> when there are characters in a v1 cookie that will cause problems. 
> I'll try and look at this tomorrow - it is getting late here ;)

other way around, the check for the characters and the version switch, 
should be done on all invalid v0 characters (which maybeQuote2 does). 
this should only be done on the value, with that set of characters.


Filip

> Mark
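A simplified model of the two policies debated in this thread, added here as an example (it is not Tomcat's maybeQuote2() and not code from either participant): applying the quote-and-switch check to the path turns an ordinary session cookie with Path=/ into a version 1 cookie, while applying it to the value only leaves that cookie at version 0. The class, method names, separator set and sample values are assumptions of the example.

```java
public class CookieVersionDemo {
    // Characters treated as needing quotes (the RFC 2616 separators plus
    // space and tab). The set is an assumption of this example, not Tomcat's.
    static final String SPECIALS = "()<>@,;:\\\"/[]?={} \t";

    static boolean needsQuote(String s) {
        for (int i = 0; i < s.length(); i++) {
            if (SPECIALS.indexOf(s.charAt(i)) >= 0) {
                return true;
            }
        }
        return false;
    }

    static String quote(String s) {
        // Escape backslash and double quote before wrapping in quotes.
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /**
     * Builds a Set-Cookie header value.
     * applyToPath = true  : path goes through the same check as the value
     *                       and can switch the cookie to version 1.
     * applyToPath = false : only the value is checked; the path is written
     *                       unquoted whatever the version.
     */
    static String setCookie(String name, String value, String path,
                            boolean applyToPath) {
        boolean quoteValue = needsQuote(value);
        boolean quotePath = applyToPath && needsQuote(path);
        int version = (quoteValue || quotePath) ? 1 : 0;

        StringBuilder sb = new StringBuilder();
        sb.append(name).append('=').append(quoteValue ? quote(value) : value);
        if (version == 1) {
            sb.append("; Version=1");
        }
        sb.append("; Path=").append(quotePath ? quote(path) : path);
        return sb.toString();
    }

    public static void main(String[] args) {
        String id = "0123456789ABCDEF"; // constructed session id

        // Check applied to the path: "/" alone forces Version=1.
        System.out.println(setCookie("JSESSIONID", id, "/", true));
        // Check applied to the value only: plain version 0 cookie.
        System.out.println(setCookie("JSESSIONID", id, "/", false));
        // A value with a space still switches to version 1 under either policy.
        System.out.println(setCookie("pref", "a b", "/", false));
    }
}
```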
