You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Felicity Tarnell (JIRA)" <ji...@apache.org> on 2015/05/19 17:21:59 UTC
[jira] [Comment Edited] (TS-3595) Cookie header split into multiple
lines with H2
[ https://issues.apache.org/jira/browse/TS-3595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550603#comment-14550603 ]
Felicity Tarnell edited comment on TS-3595 at 5/19/15 3:21 PM:
---------------------------------------------------------------
This breaks cookie/session handling in some applications (PHP, at least, using Chrome 42 as a client).
Test case:
{noformat}
# cat test.php
<pre>
<?php
echo htmlspecialchars(print_r($_SERVER, true));
{noformat}
Request:
{noformat}
23!severance:~>nghttp -H':authority: wiki.torchbox.com' -H 'Cookie: a=b' -H 'Cookie: c=d' https://193.227.244.85/test.php | grep COOKIE
[HTTP_COOKIE] => a=b
24!severance:~>
{noformat}
The first cookie, {{a=b}} is present, but {{c=d}} is missing.
However, setting several cookies in a single header does work:
{noformat}
20!severance:~>nghttp -H':authority: wiki.torchbox.com' -H 'Cookie: a=b; c=d' https://193.227.244.85/test.php | grep COOKIE
[HTTP_COOKIE] => a=b; c=d
{noformat}
Tested with 5.3.0.
was (Author: ftarnell):
This breaks cookie/session handling in some applications (PHP, at least, using Chrome 42 as a client).
Test case:
{noformat}
# cat test.php
<pre>
<?php
echo htmlspecialchars(print_r($_SERVER, true));
{noformat}
Request:
{noformat}
23!severance:~>nghttp -H':authority: wiki.torchbox.com' -H 'Cookie: a=b' -H 'Cookie: c=d' https://193.227.244.85/test.php | grep COOKIE
[HTTP_COOKIE] => a=b
24!severance:~>
{noformat}
However, setting several cookies in a single header does work:
{noformat}
20!severance:~>nghttp -H':authority: wiki.torchbox.com' -H 'Cookie: a=b; c=d' https://193.227.244.85/test.php | grep COOKIE
[HTTP_COOKIE] => a=b; c=d
{noformat}
Tested with 5.3.0.
> Cookie header split into multiple lines with H2
> -----------------------------------------------
>
> Key: TS-3595
> URL: https://issues.apache.org/jira/browse/TS-3595
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP/2
> Reporter: Scott Beardsley
> Fix For: 6.0.0
>
>
> I've noticed that the Cookie header is now split into multiple lines. I can't tell if this is a part of the HPACK spec but it is definitely different from the SPDY 3.1 TS implementation.
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: :authority: search.yahoo.com
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: :method: GET
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: :path: /
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: :scheme: https
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Accept: */*
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Accept-Encoding: gzip, deflate, sdch
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Accept-Language: en-US,en;q=0.8,it-IT;q=0.6,it;q=0.4,ja;q=0.2
> [May 12 06:08:10.630] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Cookie: AO=u=1&o=1
> [May 12 06:08:10.631] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Cookie: B=abc123
> [May 12 06:08:10.631] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: Cookie: DSS=321321
> [May 12 06:08:10.631] Server {0x2b387f285700} DEBUG: (http2_hpack_decode) Decoded field: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)