Posted to users@tomcat.apache.org by John Clark <sc...@scratchdrive.com> on 2011/04/06 17:35:38 UTC

Tomcat6 Cookies

I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to
use getCookie() to retrieve our Omniture cookie data using
request.getCookies(). We are still able to access the cookie name and value
via a request header so we're using this as a workaround but I'm still
curious as to why getCookie() no longer works. Is this some sort of
security restriction in Tomcat6?

Here's what we get in the "cookie" request header, using
request.getHeader("cookie").  Note the presence of s_vi.
s_sq=dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA;
JSESSIONID=897660B3D20E674F2D38E6CBD48814D24; s_cc=true;
s_vi=[CS]v1|26C8FDB30515A765-60000175C0022D93[CE];
__utma=250344192.1083919342.1301415933.1301415933.1301415933.1;
__utmc=250344192;
__utmz=25034774129322.130133.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
cpxRefCode=7020

Here are the cookies that we can see, using request.getCookies().  We can
see all the cookies except s_vi.  This includes google analytics cookies
that are likely set by js running on our site.

Name        Value
s_cc        true
JSESSIONID  897660B3D20E674F2D38E6CBD48814D24
__utmz      25034774129322.130133.1.1.utmcsr
cpxRefCode  7020
s_sq        dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA
__utma      250344192.1083919342.1301415933.1301415933.1301415933.1
__utmc      250344192

All of these cookies, including s_vi, have a Domain value set to
.domain.com (or .domain.local in this case).  The biggest difference is that
s_vi was set via Omniture on the cnamed metric.domain.com domain (which you
can see by using Linux Chrome), while all others show just domain.com as
the domain of origin.  Note that when I say domain of origin I mean
something different than the actual Domain value set on the cookie, which is
the same for all of them.

Re: Tomcat6 Cookies

Posted by Mark Thomas <ma...@apache.org>.
On 06/04/2011 16:35, John Clark wrote:
> I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to
> use getCookie() to retrieve our Omniture cookie data using
> request.getCookies(). We are still able to access the cookie name and value
> via a request header so we're using this as a workaround but I'm still
> curious as to why getCookie() no longer works. Is this some sort of
> security restriction in Tomcat6?

Nope, the cookie is invalid hence Tomcat rejects it. Tomcat 6 is just
stricter than Tomcat 5 in adhering to the specs.

> s_vi=[CS]v1|26C8FDB30515A765-60000175C0022D93[CE];

Neither '[' nor ']' are permitted in cookie values unless the value is
quoted.

Mark

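Added example, not part of the original thread and not Tomcat's own code: a small checker that reads a raw Cookie header and reports which unquoted values contain a character that is only legal inside quotes, which is the condition the reply above describes for s_vi. The class and method names are hypothetical, and the separator set is assumed from the HTTP/1.1 token grammar in RFC 2616 section 2.2; a real parser can be more lenient for individual characters (the output in the thread shows s_sq, which contains '/', returned intact).

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class CookieValueCheck {
    // Assumption: RFC 2616 section 2.2 "separators", not allowed in an unquoted token.
    static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** Index of the first character that is illegal in an unquoted value, or -1 if none. */
    static int firstIllegal(String value) {
        if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
            return -1; // quoted-string: separators are permitted between the quotes
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // Control characters and non-ASCII are outside the token grammar as well.
            if (c < 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) {
                return i;
            }
        }
        return -1;
    }

    /** Maps each cookie name in a raw Cookie header to firstIllegal(value). */
    static Map<String, Integer> check(String header) {
        Map<String, Integer> result = new LinkedHashMap<String, Integer>();
        if (header == null) {
            return result; // request.getHeader("cookie") returns null when absent
        }
        // Simplification: splits on every ';', so a ';' inside a quoted value is not handled.
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue; // not in name=value form
            result.put(pair.substring(0, eq).trim(), firstIllegal(pair.substring(eq + 1).trim()));
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: s_vi as in the thread, plus a quoted variant (s_vi_q) for contrast.
        String header = "s_cc=true; s_vi=[CS]v1|26C8FDB30515A765-60000175C0022D93[CE]; "
                + "s_vi_q=\"[CS]v1|26C8FDB30515A765-60000175C0022D93[CE]\"; cpxRefCode=7020";
        for (Map.Entry<String, Integer> e : check(header).entrySet()) {
            String verdict = e.getValue() < 0 ? "ok" : "illegal char at index " + e.getValue();
            System.out.println(e.getKey() + ": " + verdict);
        }
    }
}
```

In a servlet or filter, pass `request.getHeader("cookie")` to `check` and log any entry with a non-negative index to see which cookies a strict parser would reject or truncate.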