Posted to users@tomcat.apache.org by Peter Schroer <pe...@blueits.com> on 2015/04/01 11:38:13 UTC

cookie containing umlaut

Hi,

I've got a problem with Tomcat processing cookies which contain an umlaut.
Tomcat will throw a 500 internal server error if a cookie containing an
umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
in the developer console of the browser. The tomcat log will show the
following error:

SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
 java.lang.IllegalArgumentException: Control character in cookie value or attribute.
	at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
	at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
	at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
	at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
	at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
	at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
	at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:722)

I'm writing some kind of proxy and don't have any influence on the cookies
set by third party webpages. Is there any way of stopping tomcat from
throwing this error?

Greetings Peter



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: cookie containing umlaut

Posted by Christopher Schultz <ch...@christopherschultz.net>.
André,

On 4/1/15 10:11 AM, André Warnier wrote:
> Christopher Schultz wrote:
>> Mark,
>> 
>> On 4/1/15 7:38 AM, Mark Thomas wrote:
>>> On 01/04/2015 11:53, André Warnier wrote:
>>> 
>>> <snip/>
>>> 
>>>> By curiosity, I was trying to find the relevant RFCs, to see
>>>> if "ä" is a valid name for a cookie.  I am not sure..
>>>> 
>>>> Cookies are defined in RFC6265 
>>>> (http://tools.ietf.org/html/rfc6265). That document defines
>>>> the cookie-name as a "token", and refers to RFC2616 for the 
>>>> definition of token. RFC2616 
>>>> (http://tools.ietf.org/html/rfc2616#section-2.2) defines a
>>>> "token" as a series of CHAR's, which in turn are defined as
>>>> 
>>>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>>> 
>>>> 
>>>> So that would tend to say that "ä" is not a valid name for a 
>>>> cookie ?
>>> The rules for cookie names are stricter than those for cookie 
>>> values. I believe the OP was asking about cookie values.
>> 
>> Nope:
>> 
>> On 4/1/15 5:38 AM, Peter Schroer wrote:
>>> This can be easily tested by writing "document.cookie='ä=0';"
>>> in the developer console of the browser.
>> 
>> So in this case, it's a cookie /name/, but a value.
>> 
> 
> huh ?

s/but/not/

The ä was the name of the cookie, not the value.

-chris


Re: cookie containing umlaut

Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> Mark,
> 
> On 4/1/15 7:38 AM, Mark Thomas wrote:
>> On 01/04/2015 11:53, André Warnier wrote:
>>
>> <snip/>
>>
>>> By curiosity, I was trying to find the relevant RFCs, to see if
>>> "ä" is a valid name for a cookie.  I am not sure..
>>>
>>> Cookies are defined in RFC6265
>>> (http://tools.ietf.org/html/rfc6265). That document defines the
>>> cookie-name as a "token", and refers to RFC2616 for the
>>> definition of token. RFC2616
>>> (http://tools.ietf.org/html/rfc2616#section-2.2) defines a 
>>> "token" as a series of CHAR's, which in turn are defined as
>>>
>>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>>
>>>
>>> So that would tend to say that "ä" is not a valid name for a
>>> cookie ?
>> The rules for cookie names are stricter than those for cookie
>> values. I believe the OP was asking about cookie values.
> 
> Nope:
> 
> On 4/1/15 5:38 AM, Peter Schroer wrote:
>> This can be easily tested by writing "document.cookie='ä=0';" in
>> the developer console of the browser.
> 
> So in this case, it's a cookie /name/, but a value.
> 

huh ?




Re: cookie containing umlaut

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,

On 4/1/15 7:38 AM, Mark Thomas wrote:
> On 01/04/2015 11:53, André Warnier wrote:
> 
> <snip/>
> 
>> By curiosity, I was trying to find the relevant RFCs, to see if
>> "ä" is a valid name for a cookie.  I am not sure..
>> 
>> Cookies are defined in RFC6265
>> (http://tools.ietf.org/html/rfc6265). That document defines the
>> cookie-name as a "token", and refers to RFC2616 for the
>> definition of token. RFC2616
>> (http://tools.ietf.org/html/rfc2616#section-2.2) defines a 
>> "token" as a series of CHAR's, which in turn are defined as
>> 
>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>> 
>> 
>> So that would tend to say that "ä" is not a valid name for a
>> cookie ?
> 
> The rules for cookie names are stricter than those for cookie
> values. I believe the OP was asking about cookie values.

Nope:

On 4/1/15 5:38 AM, Peter Schroer wrote:
> This can be easily tested by writing "document.cookie='ä=0';" in
> the developer console of the browser.

So in this case, it's a cookie /name/, but a value.

Thanks,
-chris


Re: cookie containing umlaut

Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> André,
> 
> On 4/1/15 10:27 AM, André Warnier wrote:
>> André Warnier wrote:
>>> Mark Thomas wrote:
>>>> On 01/04/2015 11:53, André Warnier wrote:
>>>>
>>>> <snip/>
>>>>
>>>>> By curiosity, I was trying to find the relevant RFCs, to see
>>>>> if "ä" is a valid name for a cookie.  I am not sure..
>>>>>
>>>>> Cookies are defined in RFC6265
>>>>> (http://tools.ietf.org/html/rfc6265). That document defines
>>>>> the cookie-name as a "token", and refers to RFC2616 for the
>>>>> definition of token. RFC2616
>>>>> (http://tools.ietf.org/html/rfc2616#section-2.2) defines a 
>>>>> "token" as a series of CHAR's, which in turn are defined as
>>>>>
>>>>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>>>>
>>>>>
>>>>> So that would tend to say that "ä" is not a valid name for a
>>>>> cookie ?
>>>> The rules for cookie names are stricter than those for cookie
>>>> values. I believe the OP was asking about cookie values.
>>> I wasn't sure.  The example given to reproduce it was of doing
>>>
>>> "document.cookie='ä=0';"
>>>
>>> "in the development console of the browser".  Does that create a 
>>> Cookie header with "ä" in the cookie name, or in the value ?
>>>
>>>> That said, no cookie spec allows 0x80 to 0xFF in the cookie
>>>> name or value.
>>>>
>>>> Tomcat's RFC 6265 cookie processor explicitly relaxes this
>>>> restriction for cookie values to support interoperability with
>>>> non-compliant clients and applications (since it can be done
>>>> safely).
>>>>
>>> It apparently solves the OP's problem for now, which is nice.
>>>
>>> But maybe Peter should be made aware of the fact that this is a 
>>> Tomcat-only solution. There is no guarantee that if his proxy
>>> application is ported to another servlet container, it would work
>>> in the same way. Those cookies are apparently invalid as per the
>>> RFC's, so another container may still reject them.
>>>
>>>
>> P.S. It is on the other hand an interesting question in a generic 
>> sense.  What should "a good proxy" do in such a case ? accept the 
>> invalid cookie header and pass it on to the target server unchanged
>> ? or should it reject it and not forward the request ? I'm sure
>> there is an RFC about that too..
> 
> http://wiki.apache.org/tomcat/Cookies
> 
> You might want to have a stiff drink in front of you to read that.
> 

Oh, I see.  And me naively thinking this was a simple matter..
Respect.
A few stiff drinks might be more in order.




Re: cookie containing umlaut

Posted by Christopher Schultz <ch...@christopherschultz.net>.
André,

On 4/1/15 10:27 AM, André Warnier wrote:
> André Warnier wrote:
>> Mark Thomas wrote:
>>> On 01/04/2015 11:53, André Warnier wrote:
>>> 
>>> <snip/>
>>> 
>>>> By curiosity, I was trying to find the relevant RFCs, to see
>>>> if "ä" is a valid name for a cookie.  I am not sure..
>>>> 
>>>> Cookies are defined in RFC6265
>>>> (http://tools.ietf.org/html/rfc6265). That document defines
>>>> the cookie-name as a "token", and refers to RFC2616 for the
>>>> definition of token. RFC2616
>>>> (http://tools.ietf.org/html/rfc2616#section-2.2) defines a 
>>>> "token" as a series of CHAR's, which in turn are defined as
>>>> 
>>>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>>> 
>>>> 
>>>> So that would tend to say that "ä" is not a valid name for a
>>>> cookie ?
>>> 
>>> The rules for cookie names are stricter than those for cookie
>>> values. I believe the OP was asking about cookie values.
>> 
>> I wasn't sure.  The example given to reproduce it was of doing
>> 
>> "document.cookie='ä=0';"
>> 
>> "in the development console of the browser".  Does that create a 
>> Cookie header with "ä" in the cookie name, or in the value ?
>> 
>>> 
>>> That said, no cookie spec allows 0x80 to 0xFF in the cookie
>>> name or value.
>>> 
>>> Tomcat's RFC 6265 cookie processor explicitly relaxes this
>>> restriction for cookie values to support interoperability with
>>> non-compliant clients and applications (since it can be done
>>> safely).
>>> 
>> 
>> It apparently solves the OP's problem for now, which is nice.
>> 
>> But maybe Peter should be made aware of the fact that this is a 
>> Tomcat-only solution. There is no guarantee that if his proxy
>> application is ported to another servlet container, it would work
>> in the same way. Those cookies are apparently invalid as per the
>> RFC's, so another container may still reject them.
>> 
>> 
> P.S. It is on the other hand an interesting question in a generic 
> sense.  What should "a good proxy" do in such a case ? accept the 
> invalid cookie header and pass it on to the target server unchanged
> ? or should it reject it and not forward the request ? I'm sure
> there is an RFC about that too..

http://wiki.apache.org/tomcat/Cookies

You might want to have a stiff drink in front of you to read that.

-chris


Re: cookie containing umlaut

Posted by André Warnier <aw...@ice-sa.com>.
André Warnier wrote:
> Mark Thomas wrote:
>> On 01/04/2015 11:53, André Warnier wrote:
>>
>> <snip/>
>>
>>> By curiosity, I was trying to find the relevant RFCs, to see if "ä" is a
>>> valid name for a cookie.  I am not sure..
>>>
>>> Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265).
>>> That document defines the cookie-name as a "token", and refers to
>>> RFC2616 for the definition of token.
>>> RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a
>>> "token" as a series of CHAR's, which in turn are defined as
>>>
>>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>>
>>>
>>> So that would tend to say that "ä" is not a valid name for a cookie ?
>>
>> The rules for cookie names are stricter than those for cookie values. I
>> believe the OP was asking about cookie values.
> 
> I wasn't sure.  The example given to reproduce it was of doing
> 
> "document.cookie='ä=0';"
> 
> "in the development console of the browser".  Does that create a Cookie 
> header with "ä" in the cookie name, or in the value ?
> 
>>
>> That said, no cookie spec allows 0x80 to 0xFF in the cookie name or 
>> value.
>>
>> Tomcat's RFC 6265 cookie processor explicitly relaxes this restriction
>> for cookie values to support interoperability with non-compliant clients
>> and applications (since it can be done safely).
>>
> 
> It apparently solves the OP's problem for now, which is nice.
> 
> But maybe Peter should be made aware of the fact that this is a 
> Tomcat-only solution.
> There is no guarantee that if his proxy application is ported to another 
> servlet container, it would work in the same way.
> Those cookies are apparently invalid as per the RFC's, so another 
> container may still reject them.
> 
> 
P.S. It is on the other hand an interesting question in a generic sense.  What should "a 
good proxy" do in such a case ? accept the invalid cookie header and pass it on to the 
target server unchanged ? or should it reject it and not forward the request ?
I'm sure there is an RFC about that too..



Re: cookie containing umlaut

Posted by André Warnier <aw...@ice-sa.com>.
Mark Thomas wrote:
> On 01/04/2015 11:53, André Warnier wrote:
> 
> <snip/>
> 
>> By curiosity, I was trying to find the relevant RFCs, to see if "ä" is a
>> valid name for a cookie.  I am not sure..
>>
>> Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265).
>> That document defines the cookie-name as a "token", and refers to
>> RFC2616 for the definition of token.
>> RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a
>> "token" as a series of CHAR's, which in turn are defined as
>>
>> CHAR           = <any US-ASCII character (octets 0 - 127)>
>>
>>
>> So that would tend to say that "ä" is not a valid name for a cookie ?
> 
> The rules for cookie names are stricter than those for cookie values. I
> believe the OP was asking about cookie values.

I wasn't sure.  The example given to reproduce it was of doing

"document.cookie='ä=0';"

"in the development console of the browser".  Does that create a Cookie header with "ä" in 
the cookie name, or in the value ?

> 
> That said, no cookie spec allows 0x80 to 0xFF in the cookie name or value.
> 
> Tomcat's RFC 6265 cookie processor explicitly relaxes this restriction
> for cookie values to support interoperability with non-compliant clients
> and applications (since it can be done safely).
> 

It apparently solves the OP's problem for now, which is nice.

But maybe Peter should be made aware of the fact that this is a Tomcat-only solution.
There is no guarantee that if his proxy application is ported to another servlet 
container, it would work in the same way.
Those cookies are apparently invalid as per the RFC's, so another container may still 
reject them.




Re: cookie containing umlaut

Posted by Mark Thomas <ma...@apache.org>.
On 01/04/2015 11:53, André Warnier wrote:

<snip/>

> By curiosity, I was trying to find the relevant RFCs, to see if "ä" is a
> valid name for a cookie.  I am not sure..
> 
> Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265).
> That document defines the cookie-name as a "token", and refers to
> RFC2616 for the definition of token.
> RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a
> "token" as a series of CHAR's, which in turn are defined as
> 
> CHAR           = <any US-ASCII character (octets 0 - 127)>
> 
> 
> So that would tend to say that "ä" is not a valid name for a cookie ?

The rules for cookie names are stricter than those for cookie values. I
believe the OP was asking about cookie values.

That said, no cookie spec allows 0x80 to 0xFF in the cookie name or value.

Tomcat's RFC 6265 cookie processor explicitly relaxes this restriction
for cookie values to support interoperability with non-compliant clients
and applications (since it can be done safely).

Mark
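
[Added example, not part of the original thread and not Tomcat's code.] The name/value distinction discussed in this thread (RFC 2616 token for cookie names, RFC 6265 cookie-octet for values, plus the 0x80 to 0xFF relaxation for values described above), applied to the raw bytes of a Cookie header. The function names, verdict labels, the sample header and the drop_rejected() policy are assumptions made for illustration.

```python
"""Classify the cookie-pairs of a raw Cookie request header (added example)."""

# RFC 2616 section 2.2: a token is one or more CHARs (octets 0-127) that are
# neither control characters nor separators. RFC 6265 uses it for cookie-name.
SEPARATORS = frozenset(b'()<>@,;:\\"/[]?={} \t')
TOKEN_OCTETS = frozenset(range(0x21, 0x7F)) - SEPARATORS

# RFC 6265 section 4.1.1:
#   cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
COOKIE_OCTETS = frozenset(range(0x21, 0x7F)) - frozenset(b'",;\\')

# The relaxation described in the thread: 0x80-0xFF tolerated in values only.
HIGH_OCTETS = frozenset(range(0x80, 0x100))


def classify_pair(raw: bytes) -> str:
    """Return valid, relaxed-value, invalid-name, invalid-value or malformed."""
    name, sep, value = raw.partition(b"=")
    if not sep:
        return "malformed"
    # Names get no relaxation: any octet outside the token set is rejected.
    if not name or not TOKEN_OCTETS.issuperset(name):
        return "invalid-name"
    # A cookie-value may be wrapped in one pair of double quotes.
    if len(value) >= 2 and value.startswith(b'"') and value.endswith(b'"'):
        value = value[1:-1]
    if COOKIE_OCTETS.issuperset(value):
        return "valid"
    if (COOKIE_OCTETS | HIGH_OCTETS).issuperset(value):
        return "relaxed-value"
    return "invalid-value"


def classify_header(header: bytes) -> list:
    """Split a Cookie header on ';' and classify every non-empty pair."""
    pairs = [p.strip(b" \t") for p in header.split(b";")]
    return [(p, classify_pair(p)) for p in pairs if p]


def drop_rejected(header: bytes, relaxed_values: bool = True) -> bytes:
    """One possible proxy policy (an assumption of this example, not a
    recommendation from the thread): forward only the pairs a parser with
    the given strictness would accept."""
    accepted = {"valid", "relaxed-value"} if relaxed_values else {"valid"}
    kept = [p for p, verdict in classify_header(header) if verdict in accepted]
    return b"; ".join(kept)


# Constructed sample header; "ä" is encoded as UTF-8 (0xC3 0xA4) here.
SAMPLE = b"JSESSIONID=ABC123; \xc3\xa4=0; lang=d\xc3\xa4; note=a b"

if __name__ == "__main__":
    for pair, verdict in classify_header(SAMPLE):
        print(f"{verdict:14} {pair!r}")
    print(drop_rejected(SAMPLE))
```

The same "ä" sent as ISO-8859-1 (0xE4) is classified identically, since both encodings use only octets in the 0x80 to 0xFF range.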



Re: cookie containing umlaut

Posted by André Warnier <aw...@ice-sa.com>.
Peter Schroer wrote:
> Version 8.0.3.0
> On 01.04.2015 12:30, "Mark Thomas" <ma...@apache.org> wrote:
> 
>> On 01/04/2015 10:38, Peter Schroer wrote:
>>> Hi,
>>>
>>> I've got a problem with Tomcat processing cookies which contain a umlaut.
>> Tomcat version?
>>
>> Mark
>>
>>
>>> Tomcat will throw a 500 internal server error if a cookie containing a
>>> umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
>>> in the developer console of the browser. The tomcat log will show the
>>> following error:
>>>
>>> SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
>>>  java.lang.IllegalArgumentException: Control character in cookie value or attribute.
>>>       at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
>>>       at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
>>>       at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
>>>       at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
>>>       at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
>>>       at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
>>>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
>>>       at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
>>>       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
>>>       at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
>>>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>       at java.lang.Thread.run(Thread.java:722)
>>>
>>> I'm writing some kind of proxy and don't have any influence on the cookies
>>> set by third party webpages. Is there any way of stopping tomcat from
>>> throwing this error?
>>>
>>> Greetings Peter
>>>

By curiosity, I was trying to find the relevant RFCs, to see if "ä" is a valid name for a 
cookie.  I am not sure..

Cookies are defined in RFC6265 (http://tools.ietf.org/html/rfc6265).
That document defines the cookie-name as a "token", and refers to RFC2616 for the 
definition of token.
RFC2616 (http://tools.ietf.org/html/rfc2616#section-2.2) defines a "token" as a series of 
CHAR's, which in turn are defined as

CHAR           = <any US-ASCII character (octets 0 - 127)>


So that would tend to say that "ä" is not a valid name for a cookie ?




Re: cookie containing umlaut

Posted by Peter Schroer <pe...@blueits.com>.
This solved my problem. Thank you!!!

Greetings Peter

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Wednesday, 1 April 2015 12:39
To: Tomcat Users List
Subject: Re: cookie containing umlaut

On 01/04/2015 11:31, Peter Schroer wrote:
> Version 8.0.3.0

OK. You'll need to upgrade to at least 8.0.15 and then enable the RFC
6455 cookie processor. See:
http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html

If you use something like this in $CATALINA_BASE/conf/context.xml, all your contexts will use the newer cookie processor.

<Context .....>
  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" />
</Context>

I'd always recommend upgrading to the latest stable 8.0.x release which
- as I write this - is 8.0.21.

Mark


> On 01.04.2015 12:30, "Mark Thomas" <ma...@apache.org> wrote:
> 
>> On 01/04/2015 10:38, Peter Schroer wrote:
>>> Hi,
>>>
>>> I've got a problem with Tomcat processing cookies which contain a umlaut.
>>
>> Tomcat version?
>>
>> Mark
>>
>>
>>> Tomcat will throw a 500 internal server error if a cookie containing
>>> a umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
>>> in the developer console of the browser. The tomcat log will show
>>> the following error:
>>>
>>> SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
>>>  java.lang.IllegalArgumentException: Control character in cookie value or attribute.
>>>       at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
>>>       at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
>>>       at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
>>>       at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
>>>       at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
>>>       at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
>>>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
>>>       at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
>>>       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
>>>       at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
>>>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>       at java.lang.Thread.run(Thread.java:722)
>>>
>>> I'm writing some kind of proxy and don't have any influence on the cookies
>>> set by third party webpages. Is there any way of stopping tomcat
>>> from throwing this error?
>>>
>>> Greetings Peter
>>>


Re: cookie containing umlaut

Posted by Mark Thomas <ma...@apache.org>.
On 01/04/2015 11:31, Peter Schroer wrote:
> Version 8.0.3.0

OK. You'll need to upgrade to at least 8.0.15 and then enable the RFC
6455 cookie processor. See:
http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html

If you use something like this in $CATALINA_BASE/conf/context.xml, all
your contexts will use the newer cookie processor.

<Context .....>
  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" />
</Context>

I'd always recommend upgrading to the latest stable 8.0.x release which
- as I write this - is 8.0.21.

Mark


> On 01.04.2015 12:30, "Mark Thomas" <ma...@apache.org> wrote:
> 
>> On 01/04/2015 10:38, Peter Schroer wrote:
>>> Hi,
>>>
>>> I've got a problem with Tomcat processing cookies which contain a umlaut.
>>
>> Tomcat version?
>>
>> Mark
>>
>>
>>> Tomcat will throw a 500 internal server error if a cookie containing a
>>> umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
>>> in the developer console of the browser. The tomcat log will show the
>>> following error:
>>>
>>> SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
>>>  java.lang.IllegalArgumentException: Control character in cookie value or attribute.
>>>       at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
>>>       at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
>>>       at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
>>>       at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
>>>       at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
>>>       at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
>>>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
>>>       at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
>>>       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
>>>       at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
>>>       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
>>>       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>       at java.lang.Thread.run(Thread.java:722)
>>>
>>> I'm writing some kind of proxy and don't have any influence on the cookies
>>> set by third party webpages. Is there any way of stopping tomcat from
>>> throwing this error?
>>>
>>> Greetings Peter
>>>


Re: cookie containing umlaut

Posted by Peter Schroer <pe...@blueits.com>.
Version 8.0.3.0
On 01.04.2015 12:30, "Mark Thomas" <ma...@apache.org> wrote:

> On 01/04/2015 10:38, Peter Schroer wrote:
> > Hi,
> >
> > I've got a problem with Tomcat processing cookies which contain a umlaut.
>
> Tomcat version?
>
> Mark
>
>
> > Tomcat will throw a 500 internal server error if a cookie containing a
> > umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
> > in the developer console of the browser. The tomcat log will show the
> > following error:
> >
> > SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
> >  java.lang.IllegalArgumentException: Control character in cookie value or attribute.
> >       at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
> >       at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
> >       at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
> >       at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
> >       at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
> >       at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
> >       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
> >       at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
> >       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
> >       at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
> >       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
> >       at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
> >       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> >       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> >       at java.lang.Thread.run(Thread.java:722)
> >
> > I'm writing some kind of proxy and don't have any influence on the cookies
> > set by third party webpages. Is there any way of stopping tomcat from
> > throwing this error?
> >
> > Greetings Peter

Re: cookie containing umlaut

Posted by Mark Thomas <ma...@apache.org>.
On 01/04/2015 10:38, Peter Schroer wrote:
> Hi,
> 
> I've got a problem with Tomcat processing cookies which contain a umlaut.

Tomcat version?

Mark


> Tomcat will throw a 500 internal server error if a cookie containing a
> umlaut is set. This can be easily tested by writing "document.cookie='ä=0';"
> in the developer console of the browser. The tomcat log will show the
> following error:
> 
> SEVERE [http-nio-8084-exec-13] org.apache.coyote.http11.AbstractHttp11Processor.process Error processing request
>  java.lang.IllegalArgumentException: Control character in cookie value or attribute.
>     at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:185)
>     at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:281)
>     at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:176)
>     at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
>     at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:1070)
>     at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:827)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:511)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1015)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:652)
>     at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1575)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1533)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:722)
> 
> I'm writing some kind of proxy and don't have any influence on the cookies
> set by third party webpages. Is there any way of stopping tomcat from
> throwing this error?
> 
> Greetings Peter