Posted to commits@wicket.apache.org by "Igor Vaynberg (JIRA)" <ji...@apache.org> on 2010/08/27 06:06:53 UTC

[jira] Resolved: (WICKET-2577) Cookies with special symbols in its values aren't properly saved

     [ https://issues.apache.org/jira/browse/WICKET-2577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg resolved WICKET-2577.
-----------------------------------

      Assignee: Igor Vaynberg
    Resolution: Won't Fix

see WICKET-2842 for how to make this work

> Cookies with special symbols in its values aren't properly saved
> ----------------------------------------------------------------
>
>                 Key: WICKET-2577
>                 URL: https://issues.apache.org/jira/browse/WICKET-2577
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.4.4
>            Reporter: Michael Mikhulya
>            Assignee: Igor Vaynberg
>
> Cookies with special symbols in their values aren't properly saved and, as a result, aren't properly loaded.
> The real example is the use of an email name as a login in a login form with the "remember me" feature.
> The problem is that an email name contains the '@' symbol, which is in the "tspecials" set according to RFC 2068 (2.2), and so can't be used in a cookie value.
> The possible solution to this issue is to use "quoted-string" instead of "token", as described in RFC 2109 (4.1).
> To work around this problem I override getValuePersister class of a Form class:
> 		@Override
> 		protected IValuePersister getValuePersister() {
> 			return new CookieValuePersister() {
> 				@Override
> 				public void save(String key, String value) {
> 					super.save(key, "\"" + value + "\"");
> 				}
> 			};
> 		}
> Without this workaround the loaded value is just "username" instead of "username@domain.name".
> I believe the proper place to fix it is in a Cookie class, but probably there are some historical reasons not to follow the RFC.
> E.g. in a jetty servlet-api-2.5-6.1.9 you can see the following code:
>     // Note -- disabled for now to allow full Netscape compatibility
>     // from RFC 2068, token special case characters
>     // 
>     // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";
>     private static final String tspecials = ",; ";
> But the issue exists in the tomcat implementation of servlet-api too and also depends on the browser.
> So I suggest adding a workaround in wicket. Probably we should add quotes only if tspecials are contained inside the cookie value, but in my workaround I don't care about two extra chars and also don't check whether the value is already quoted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
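
The conditional quoting suggested at the end of the report, as an added example that is not part of the original message and is not Wicket or Jetty code: quote only when an RFC 2068 tspecial is present, escape embedded quotes and backslashes so an already-quoted value round-trips, and refuse control characters such as CR/LF. The class and method names are hypothetical, and the sample values in main are constructed.

```java
// Added example, not Wicket or Jetty code. CookieValueQuoting, quoteIfNeeded
// and unquote are hypothetical names chosen for this illustration.
public final class CookieValueQuoting {
    // RFC 2068 section 2.2 tspecials, the full set quoted in the report above.
    private static final String TSPECIALS = "()<>@,;:\\\"/[]?={} \t";

    /** Returns the value unchanged if it is a token, otherwise as a quoted-string. */
    public static String quoteIfNeeded(String value) {
        boolean needsQuotes = value.isEmpty();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // Control characters (CR/LF included) and non-ASCII do not belong in a header value.
            if ((c < 0x20 && c != '\t') || c >= 0x7f) {
                throw new IllegalArgumentException("illegal character at index " + i);
            }
            if (TSPECIALS.indexOf(c) >= 0) needsQuotes = true;
        }
        if (!needsQuotes) return value;
        StringBuilder sb = new StringBuilder(value.length() + 2).append('"');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') sb.append('\\'); // quoted-pair escape
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    /** Inverse of quoteIfNeeded: strips the outer quotes and quoted-pair escapes. */
    public static String unquote(String raw) {
        if (raw.length() < 2 || raw.charAt(0) != '"' || raw.charAt(raw.length() - 1) != '"') {
            return raw; // a plain token was stored as-is
        }
        StringBuilder sb = new StringBuilder(raw.length() - 2);
        for (int i = 1; i < raw.length() - 1; i++) {
            char c = raw.charAt(i);
            if (c == '\\' && i + 1 < raw.length() - 1) c = raw.charAt(++i);
            sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values: a token, an email login, an embedded quote, a pre-quoted value.
        for (String v : new String[] {"username", "username@domain.name", "a\"b", "\"already\""}) {
            String q = quoteIfNeeded(v);
            System.out.println(v + " -> " + q + " -> " + unquote(q));
        }
    }
}
```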