DO NOT REPLY [Bug 21157] New: - CookieExample is setting cookie after writing data

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21157>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21157

CookieExample is setting cookie after writing data

           Summary: CookieExample is setting cookie after writing data
           Product: Tomcat 4
           Version: 4.1.24
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Webapps:Examples
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: vishy@borland.com


A servlet can not set the headers and cookies after writing data to the 
servlet's output stream. Once the servlet writes data, headers are committed. 
However CookieExample writes some data first before doing addCookie on the 
response. 

The reason why this code works at all even with the above bug is: The 
CookieExample is only writing a small amount of data before doing 
response.addCookie. That data is still held in buffer and not yet sent over 
the wire. Hence the headers are not yet committed. So it is pure luck that 
this example works. 

You can easily expose the bug by writing say 20K characters in this example 
before response.addCookie is called. You will see that the cookies that are 
adding to response are not actually sent back to client. 

Fix is simple. Move up the response.addCookie() before response.getWriter()

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org