DO NOT REPLY [Bug 44624] New: Tomcat stopping
https://issues.apache.org/bugzilla/show_bug.cgi?id=44624 Summary: Tomcat stopping Product: Tomcat 5 Version: 5.5.23 Platform: PC OS/Version: Windows Server 2003 Status: NEW Severity: major Priority: P2 Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Tomcat stopping due to client abort. The following was found in the localhost Log : ClientAbortException: java.net.SocketException: Connection reset by peer: socket write error -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 44624] Tomcat stopping
https://issues.apache.org/bugzilla/show_bug.cgi?id=44624 Ratul <[EMAIL PROTECTED]> changed: What|Removed |Added CC||[EMAIL PROTECTED] -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 44624] Tomcat stopping
https://issues.apache.org/bugzilla/show_bug.cgi?id=44624 Mark Thomas <[EMAIL PROTECTED]> changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-03-18 06:50:07 PST --- Please use the users mainling list for this issue. http://tomcat.apache.org/lists.html -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r634863 - /tomcat/tc6.0.x/trunk/STATUS.txt
Filip Hanik - Dev Lists wrote: Mark Thomas wrote: The version switch is activated by a greater set of characters than it really needs to be. I should be able to modify my patch to only switch when there are characters in a v1 cookie that will cause problems. I'll try and look at this tomorrow - it is getting late here ;) other way around, the check for the characters and the version switch, should be done on all invalid v0 characters (which maybeQuote2 does). this should only be done on the value, with that set of characters. Sorry - it really was late - I meant v0. I agree that tspecials2 is too wide a range of characters to trigger the switch but equally I don't think tspecials are sufficient. As a minimum, '=' also needs to trigger the switch as this will cause parsing problems if it appears in the value/path/domain. For safety I would like to include '\\' and '\"' as well but I don't think they are strictly necessary. Due to the parsing issues, mainly if '=' is present, we should continue to check domain and path and switch to v1 if required but the much reduced set of triggers this should be a lot less likely. I have a better patch but I haven't tested it yet. I should have it ready to propose later this evening. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Tue Mar 18 10:04:22 2008 New Revision: 638442 URL: http://svn.apache.org/viewvc?rev=638442&view=rev Log: Withdraw previous alternative proposal and replace with an improved patch that addresses the concerns raised. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638442&r1=638441&r2=638442&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 18 10:04:22 2008 @@ -105,10 +105,11 @@ elements of the cookie header. -1: -* As an alternative to the above patch, I propose: - http://people.apache.org/~markt/patches/2008-03-15-cookie-path.patch - +1: markt, remm, jfclere - -1: maybeQuote2 should not be applied to the path, since / is a valid value without quotes +* As an alternative to the above patch, I propose an improved patch that + addresses the concerns with the previous alternative: + http://people.apache.org/~markt/patches/2008-03-18-cookie-path.patch + +1: markt + -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562 http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
this wont work either. for the value of the cookie, it must be what it was before. tspecials2. those are the correct characters for the "value" of the cookie, but they are not correct for the "path" the problem is how browsers work (or not work for that matter). for example, browsers will accept a quoted value for the "value", but not for the "path". the safest bet, is to remove the whole version switch, and be spec compliant, and let the users make sure they have the correct values. if we need to pursue the path of auto switching, which I think is not a good idea given the problems that come up, then switch on the value only. I'd leave the path and domain unescaped and unquoted for v0 cookies, and don't even try to do anything. http://svn.apache.org/viewvc?view=rev&revision=634513 Filip [EMAIL PROTECTED] wrote: Author: markt Date: Tue Mar 18 10:04:22 2008 New Revision: 638442 URL: http://svn.apache.org/viewvc?rev=638442&view=rev Log: Withdraw previous alternative proposal and replace with an improved patch that addresses the concerns raised. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638442&r1=638441&r2=638442&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 18 10:04:22 2008 @@ -105,10 +105,11 @@ elements of the cookie header. -1: -* As an alternative to the above patch, I propose: - http://people.apache.org/~markt/patches/2008-03-15-cookie-path.patch - +1: markt, remm, jfclere - -1: maybeQuote2 should not be applied to the path, since / is a valid value without quotes +* As an alternative to the above patch, I propose an improved patch that + addresses the concerns with the previous alternative: + http://people.apache.org/~markt/patches/2008-03-18-cookie-path.patch + +1: markt + -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562 http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cookie standards
According to Daniel Stenberg, Cookies are not even *mentioned* in RFC2616 Per http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0623.html "On Tue, 18 Mar 2008, Jim Manico wrote: > Are there any efforts underway to support the HttpOnly cookie directive > within any version of the HTTP Protocol? 1 - Cookies aren't included in RFC2616 at all. 2 - Hardly any implemenations of cookies follow any recent attempts to document how cookies should be handled so I doubt writing yet another cookie spec update will help much. Given the history of cookies so far, they are doomed to be adhoc'ed and work in a random undocumented fashion... (unless you count the original Netscape cookie document a specification)." Ouch. Is this true? - Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cookie standards
The standard is only 7 1/2 years old; http://www.ietf.org/rfc/rfc2965 Jim Manico wrote: According to Daniel Stenberg, Cookies are not even *mentioned* in RFC2616 Per http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0623.html "On Tue, 18 Mar 2008, Jim Manico wrote: > Are there any efforts underway to support the HttpOnly cookie directive > within any version of the HTTP Protocol? 1 - Cookies aren't included in RFC2616 at all. 2 - Hardly any implemenations of cookies follow any recent attempts to document how cookies should be handled so I doubt writing yet another cookie spec update will help much. Given the history of cookies so far, they are doomed to be adhoc'ed and work in a random undocumented fashion... (unless you count the original Netscape cookie document a specification)." Ouch. Is this true? - Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cookie standards
Right, but are there any active cookie standards that can be amended? 7 /12 year old standards are not very valid or useful in the fast-moving internut world. - Jim The standard is only 7 1/2 years old; http://www.ietf.org/rfc/rfc2965 Jim Manico wrote: According to Daniel Stenberg, Cookies are not even *mentioned* in RFC2616 Per http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0623.html "On Tue, 18 Mar 2008, Jim Manico wrote: > Are there any efforts underway to support the HttpOnly cookie directive > within any version of the HTTP Protocol? 1 - Cookies aren't included in RFC2616 at all. 2 - Hardly any implemenations of cookies follow any recent attempts to document how cookies should be handled so I doubt writing yet another cookie spec update will help much. Given the history of cookies so far, they are doomed to be adhoc'ed and work in a random undocumented fashion... (unless you count the original Netscape cookie document a specification)." Ouch. Is this true? - Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638546 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java current/tc5.5.x/STATUS.txt
Author: fhanik Date: Tue Mar 18 12:58:29 2008 New Revision: 638546 URL: http://svn.apache.org/viewvc?rev=638546&view=rev Log: Apply patch Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java?rev=638546&r1=638545&r2=638546&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/WebRuleSet.java Tue Mar 18 12:58:29 2008 @@ -246,9 +246,6 @@ digester.addCallMethod(prefix + "web-app/jsp-config/jsp-property-group/url-pattern", "addJspMapping", 0); -digester.addCallMethod(prefix + "web-app/listener/listener-class", - "addApplicationListener", 0); - digester.addRule(prefix + "web-app/login-config", loginConfig); Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=638546&r1=638545&r2=638546&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Tue Mar 18 12:58:29 2008 @@ -31,11 +31,6 @@ +1: markt, fhanik -1: -* Remove duplicate listner additions (backport from 6.0 trunk) - http://svn.apache.org/viewvc?rev=620844&view=rev - +1: pero, markt, fhanik - -1: - * Fix ArrayIndexOutOfBoundsException when empty URL is requested http://svn.apache.org/viewvc?rev=627883&view=rev +1: markt, fhanik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638548 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: fhanik Date: Tue Mar 18 13:01:36 2008 New Revision: 638548 URL: http://svn.apache.org/viewvc?rev=638548&view=rev Log: votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638548&r1=638547&r2=638548&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 18 13:01:36 2008 @@ -90,7 +90,7 @@ return cb.getLength(); - +1 : remm, markt + +1 : remm, markt, fhanik * Cookie addition - due to how inconsistent browsers are we will only quote the value for v0 cookies. @@ -119,7 +119,7 @@ * Fix minor HttpServlet bug. Use localised error message. http://svn.apache.org/viewvc?rev=635298&view=rev - +1: markt, remm + +1: markt, remm, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44558 @@ -130,5 +130,5 @@ * Add system property docs http://svn.apache.org/viewvc?rev=620335&view=rev http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?r1=627743&r2=627742&pathrev=627743 - +1: markt, remm + +1: markt, remm, fhanik -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638551 - /tomcat/current/tc5.5.x/STATUS.txt
Author: fhanik Date: Tue Mar 18 13:19:41 2008 New Revision: 638551 URL: http://svn.apache.org/viewvc?rev=638551&view=rev Log: vote Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=638551&r1=638550&r2=638551&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Tue Mar 18 13:19:41 2008 @@ -49,7 +49,7 @@ The original patch can be viewed http://svn.apache.org/viewvc?rev=568307&view=rev - http://svn.apache.org/viewvc?rev=568605&view=rev + http://svn.apache.org/viewvc?rev=568605&view=rev +1: fhanik -1: @@ -72,5 +72,5 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44556 http://people.apache.org/~markt/patches/2008-03-10-bug44556.patch - +1: markt + +1: markt, fhanik -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cookie standards
William A. Rowe, Jr. wrote: The standard is only 7 1/2 years old; http://www.ietf.org/rfc/rfc2965 But that's for "Cookie2" (the thing people should use), not "Cookie" (the thing people *do* use). BR, Julian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cookie standards
tomcat doesn't use that spec, we use http://wp.netscape.com/newsref/std/cookie_spec.html http://www.faqs.org/rfcs/rfc2109.html not sure how many browsers are actually up to 2965 yet Filip William A. Rowe, Jr. wrote: The standard is only 7 1/2 years old; http://www.ietf.org/rfc/rfc2965 Jim Manico wrote: According to Daniel Stenberg, Cookies are not even *mentioned* in RFC2616 Per http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0623.html "On Tue, 18 Mar 2008, Jim Manico wrote: > Are there any efforts underway to support the HttpOnly cookie directive > within any version of the HTTP Protocol? 1 - Cookies aren't included in RFC2616 at all. 2 - Hardly any implemenations of cookies follow any recent attempts to document how cookies should be handled so I doubt writing yet another cookie spec update will help much. Given the history of cookies so far, they are doomed to be adhoc'ed and work in a random undocumented fashion... (unless you count the original Netscape cookie document a specification)." Ouch. Is this true? - Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Filip Hanik - Dev Lists wrote: this wont work either. for the value of the cookie, it must be what it was before. tspecials2. those are the correct characters for the "value" of the cookie, but they are not correct for the "path" I'm not convinced of this yet. I am doing some more testing but I think things are being complicated by some potential bugs in the new parsing code. Now we have the test cases, I'll look at adding some more tests and go from there. I don't see a huge rush to fix this and I'd like to take the time to understand what is going on with the parsing code and if what I think are bugs are really bugs or my misunderstanding. I'll withdraw/modify/stand by my proposal when I have done some further work. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Mark Thomas wrote: Filip Hanik - Dev Lists wrote: this wont work either. for the value of the cookie, it must be what it was before. tspecials2. those are the correct characters for the "value" of the cookie, but they are not correct for the "path" I'm not convinced of this yet. I am doing some more testing but I think things are being complicated by some potential bugs in the new parsing code. Now we have the test cases, I'll look at adding some more tests and go from there. don't think there are any bugs in the parsing code, it's just in the autoswitch, that just need to autoswitch on the value. I don't see a huge rush to fix this and I'd like to take the time to understand what is going on with the parsing code and if what I think are bugs are really bugs or my misunderstanding. I do see a little bit of rush, considering we have a 6.0.16/5.5.26 with a broken Reader out there. The broken cookies out there are due to invalid cookies, but we are providing the autoswitch to mitigate users that don't want to, or are unable to fix the invalid v0 cookies. Filip I'll withdraw/modify/stand by my proposal when I have done some further work. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Filip Hanik - Dev Lists wrote: Mark Thomas wrote: Filip Hanik - Dev Lists wrote: this wont work either. for the value of the cookie, it must be what it was before. tspecials2. those are the correct characters for the "value" of the cookie, but they are not correct for the "path" I'm not convinced of this yet. I am doing some more testing but I think things are being complicated by some potential bugs in the new parsing code. Now we have the test cases, I'll look at adding some more tests and go from there. don't think there are any bugs in the parsing code, it's just in the autoswitch, that just need to autoswitch on the value. Right now it doesn't appear to parse the following header correctly: Cookie: a=( which is a valid v0 cookie. This is interfering with the testing I am trying to do. I am still working my way through the RFC2965 to see why such a long list of separators is being used. Any pointers appreciated. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
this wont work either. for the value of the cookie, it must be what
it was before. tspecials2. those are the correct characters for the
"value" of the cookie, but they are not correct for the "path"
I'm not convinced of this yet. I am doing some more testing but I
think things are being complicated by some potential bugs in the new
parsing code. Now we have the test cases, I'll look at adding some
more tests and go from there.
don't think there are any bugs in the parsing code, it's just in the
autoswitch, that just need to autoswitch on the value.
Right now it doesn't appear to parse the following header correctly:
Cookie: a=(
problem is that v0 cookies don't specify what values are valid, instead
they recommend using some sort of encoding for characters that might
interfer with the HTTP spec.
and according to 2616, ( is a separator
token = 1*
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
which is a valid v0 cookie. This is interfering with the testing I am
trying to do.
I am still working my way through the RFC2965 to see why such a long
list of separators is being used. Any pointers appreciated.
wrong RFC, 2109 is for v1 cookies, and v0 is a small document from netscape
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
On Tue, 2008-03-18 at 16:05 -0600, Filip Hanik - Dev Lists wrote: > Mark Thomas wrote: > > Filip Hanik - Dev Lists wrote: > >> this wont work either. for the value of the cookie, it must be what > >> it was before. tspecials2. those are the correct characters for the > >> "value" of the cookie, but they are not correct for the "path" > > > > I'm not convinced of this yet. I am doing some more testing but I > > think things are being complicated by some potential bugs in the new > > parsing code. Now we have the test cases, I'll look at adding some > > more tests and go from there. > don't think there are any bugs in the parsing code, it's just in the > autoswitch, that just need to autoswitch on the value. There seem to be a lot of complaints about the cookies, and I don't see nearly as much about the reader problem. So both issues should be addressed. Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r638442 - /tomcat/tc6.0.x/trunk/STATUS.txt
Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
Mark Thomas wrote:
Filip Hanik - Dev Lists wrote:
this wont work either. for the value of the cookie, it must be what
it was before. tspecials2. those are the correct characters for the
"value" of the cookie, but they are not correct for the "path"
I'm not convinced of this yet. I am doing some more testing but I
think things are being complicated by some potential bugs in the new
parsing code. Now we have the test cases, I'll look at adding some
more tests and go from there.
don't think there are any bugs in the parsing code, it's just in the
autoswitch, that just need to autoswitch on the value.
Right now it doesn't appear to parse the following header correctly:
Cookie: a=(
problem is that v0 cookies don't specify what values are valid, instead
they recommend using some sort of encoding for characters that might
interfer with the HTTP spec.
and according to 2616, ( is a separator
token = 1*
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Thanks for that. That covers most of the parsing stuff I was seeing. The
only exception is that we are treating '\'' as a separator but it doesn't
appear to be in any of the specs. Not something to fix in this patch, but
we probably should remove it from the list.
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638652 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Tue Mar 18 17:12:31 2008 New Revision: 638652 URL: http://svn.apache.org/viewvc?rev=638652&view=rev Log: Remove alternative patch that still has issues. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638652&r1=638651&r2=638652&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 18 17:12:31 2008 @@ -105,12 +105,6 @@ elements of the cookie header. -1: -* As an alternative to the above patch, I propose an improved patch that - addresses the concerns with the previous alternative: - http://people.apache.org/~markt/patches/2008-03-18-cookie-path.patch - +1: markt - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562 http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up) http://svn.apache.org/viewvc?rev=635297&view=rev (the actual fix) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638695 - /tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
Author: fhanik
Date: Tue Mar 18 20:46:17 2008
New Revision: 638695
URL: http://svn.apache.org/viewvc?rev=638695&view=rev
Log:
Only allow version switching on the "value" of the cookie, for the rest, just
quote like we did in the past. this becomes the most backwards compatible with
old behavior
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java?rev=638695&r1=638694&r2=638695&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java Tue Mar 18
20:46:17 2008
@@ -255,7 +255,7 @@
buf.append("=");
// Servlet implementation does not check anything else
-version = maybeQuote2(version, buf, value);
+version = maybeQuote2(version, buf, value,true);
// Add version 1 specific information
if (version == 1) {
@@ -299,10 +299,7 @@
// Path=path
if (path!=null) {
buf.append ("; Path=");
-if (version>0)
-maybeQuote2(version, buf, path); //don't quote the path for v0
cookies
-else
-buf.append(path);
+maybeQuote2(version, buf, path);
}
// Secure
@@ -340,6 +337,10 @@
* @param value
*/
public static int maybeQuote2 (int version, StringBuffer buf, String
value) {
+return maybeQuote2(version,buf,value,false);
+}
+
+public static int maybeQuote2 (int version, StringBuffer buf, String
value, boolean allowVersionSwitch) {
if (value==null || value.length()==0) {
buf.append("\"\"");
}else if (containsCTL(value,version))
@@ -348,7 +349,7 @@
buf.append('"');
buf.append(escapeDoubleQuotes(value,1,value.length()-1));
buf.append('"');
-} else if ((!STRICT_SERVLET_COMPLIANCE) && version==0 &&
!isToken2(value)) {
+} else if (allowVersionSwitch && (!STRICT_SERVLET_COMPLIANCE) &&
version==0 && !isToken2(value)) {
buf.append('"');
buf.append(escapeDoubleQuotes(value,0,value.length()));
buf.append('"');
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r638696 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: fhanik
Date: Tue Mar 18 20:55:49 2008
New Revision: 638696
URL: http://svn.apache.org/viewvc?rev=638696&view=rev
Log:
proposed simplified cookie backwards compatible patch
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=638696&r1=638695&r2=638696&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 18 20:55:49 2008
@@ -92,19 +92,6 @@
+1 : remm, markt, fhanik
-* Cookie addition - due to how inconsistent browsers are we will only quote
the value
- for v0 cookies.
- http://svn.apache.org/viewvc?view=rev&revision=634513
- +1: fhanik
- +0: remm
- -0: markt If the current code thinks the path needs quoting then you
-are in very uncertain territory for v0 cookies anyway and
-the chances are that something is going to break. I would
-rather keep the consistency of the quoting that might
-break a browser than have inconsistent handling of
-elements of the cookie header.
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44562
http://svn.apache.org/viewvc?rev=635294&view=rev (prior code clean up)
http://svn.apache.org/viewvc?rev=635297&view=rev (the actual fix)
@@ -126,3 +113,21 @@
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?r1=627743&r2=627742&pathrev=627743
+1: markt, remm, fhanik
-1:
+
+* Cookie completion. Only do the autoswitch on the value of the cookie, quote
domain/path same way as we did before
+258c258
+< version = maybeQuote2(version, buf, value);
+---
+> version = maybeQuote2(version, buf, value,true);
+339a340,343
+> return maybeQuote2(version,buf,value,false);
+> }
+>
+> public static int maybeQuote2 (int version, StringBuffer buf, String
value, boolean allowVersionSwitch) {
+348c352
+< } else if ((!STRICT_SERVLET_COMPLIANCE) && version==0 &&
!isToken2(value)) {
+---
+> } else if (allowVersionSwitch && (!STRICT_SERVLET_COMPLIANCE) &&
version==0 && !isToken2(value)) {
+
+ +1: fhanik
+ -1:
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6 Valves Development
Hi all, I am looking for some reference material or tutorial over net on how to begin with development of my own tomcat 6 valves. I have started looking at a book which is for tomcat 5 and it seems to import following from catalina.jar import org.apache.catalina.HttpResponse; import org.apache.catalina.Request; import org.apache.catalina.Response; import org.apache.catalina.ValveContext; but all these looks to be moved/changed in the tomcat 6. I am not able to find corresponding classes and thus the starting point. Googled as well but no success for such tutorial/article. Could someone please guide on the same? Regards, Hemant
