DO NOT REPLY [Bug 48559] Security fix for CVE-2007-5333 causing interoperability problems

[bu...@apache.org]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48559

--- Comment #3 from Jens <bu...@xrheingauerx.de> 2010-02-05 03:01:33 UTC ---
I have a problem I think it´s near this or the same. If not pls move my thread.

OS: Windows XP 32 bit
Tomcat: 6.0.18 / 6.0.24
localhost:8080

Problem:
In our web-app we use cookies and the values are first signed, then encrypted
and at last Base64 encoded.

Because the Base64 encoding the Values ends all with == like this:
...uID4Ibe0QcbH9UxOe332quqCJBiJQ==

If I use a Browser like Mozilla 3 or IE 8 the function "String
javax.servlet.http.Cookie.getValue()" returns the correct value and the way
back to the plain text/value works fine.

Now I have to test a heavy load on our system and therefore I want to use
JMeter. Latest version 2.3.4. I have implemented in my "Thread-Group" a "HTTP
Cookie Manager" and set the cookies to "compatibility".

The Problem here:
It doesn´t work. In the "Sampler result" I can see the cookie was set:
...rxjsakqhgaam4LT0fNAA4UCiA=="; Version=1; Path=/

But the function "String javax.servlet.http.Cookie.getValue()" returns now:
...rxjsakqhgaam4LT0fNAA4UCiA

even without == at the end. So the Base64-decoding doesn´t (can´t) deliver the
wanted result.

Any idea what happens here?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org