Posted to dev@tomcat.apache.org by bu...@apache.org on 2009/12/17 22:18:09 UTC

DO NOT REPLY [Bug 48409] New: Cookie information is stripped after colon

https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

           Summary: Cookie information is stripped after colon
           Product: Tomcat 6
           Version: 6.0.20
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: Servlet & JSP API
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: sundarramalingam@gmail.com


Cookie information when read using this version strips cookie value when it
sees colon. This bothers our application where login logic is dependent on
reading the cookie.

Tomcat 5.5.25 does work very well.

But Tomcat 6.0.20 does not. Below is the example.

-- Tomcat 5.5.25
ECCUser:n0MSlkL7ugtO84tH:n0MTL1Z9YZSMSolB:airsdenise

--Tomcat 6.0.20
ECCUser:n0V1URmZt5prVsGl

PS. Cookie information is read as below.
Cookie[] cookies = req.getCookies(); // req is HttpServletRequest


Let us know if there is any patch that works.

Please let me know if you need more information.

Thanks,
Sundar

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

Robert Schultz <ro...@cosmicrealms.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |FIXED



DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Mark Thomas <ma...@apache.org> 2009-12-17 13:21:52 GMT ---
That cookie is not spec compliant. Please ask on the users list if you need
advice regarding approaches available to use colons in cookie values.



DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

SunTom <su...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Servlet & JSP API           |Catalina

--- Comment #2 from SunTom <su...@gmail.com> 2009-12-18 11:41:59 UTC ---
(In reply to comment #1)
> That cookie is not spec compliant. Please ask on the users list if you need
> advice regarding approaches available to use colons in cookie values.


Mark, thanks for the immediate response. I guess I wasn't clear in my bug report.

This cookie is set by my company's enterprise site.

For example, in the cookie below testUser is the login name. I need to parse and
get the username by reading the cookie.

COOKIE:
=======

 ECCUser:n0MSlkL7ugtO84tH:n0MTL1Z9YZSMSolB:testUser

In Tomcat 5.5, when I read the above cookie I get the whole information. But when I
read the cookie using the same code in Tomcat 6.0.20 I get only

 ECCUser:n0MSlkL7ugtO84tH

I couldn't get the whole information up to testUser. Since I am using the same
piece of code, I was expecting it would be consistent in Tomcat 6.0.20, but it
is not. Hence I raised the bug.

Thanks, Sundar



DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |INVALID



DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

--- Comment #3 from Mark Thomas <ma...@apache.org> 2009-12-19 12:57:24 GMT ---
Tomcat's cookie parsing was made stricter in later versions to deal with some
security issues - hence the difference in behaviour.

Your company's enterprise site is badly broken. If the folks that are
responsible for generating the cookie are unwilling or unable to fix their
broken code there are things you can do to work around this. The users list is
the place to get help with that if you need it.
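
Added example, not part of the original thread and not Tomcat's code: a strict
reader that ends an unquoted cookie value at the first RFC 2616 separator (a
colon is one) reproduces the truncation reported above, and percent-encoding
the value on the generating side lets it survive. The class and method names
are hypothetical, and the sample assumes the cookie name is ECCUser with the
colon-separated remainder as its value.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

public class CookieColonDemo {
    // RFC 2616 section 2.2 "separators": an unquoted cookie value (a token)
    // may contain none of these characters.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** Strict read: an unquoted value ends at the first separator or non-token character. */
    static String strictValue(String raw) {
        int i = 0;
        while (i < raw.length()) {
            char c = raw.charAt(i);
            if (c < 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) {
                break;
            }
            i++;
        }
        return raw.substring(0, i);
    }

    /** Generating side: percent-encode so the value holds only token characters. */
    static String encode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8");
    }

    /** Reading side: undo the percent-encoding after the container has parsed the cookie. */
    static String decode(String value) throws UnsupportedEncodingException {
        return URLDecoder.decode(value, "UTF-8");
    }

    /** The login name is the last colon-separated field of the decoded value. */
    static String loginName(String decoded) {
        return decoded.substring(decoded.lastIndexOf(':') + 1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample modelled on the report (assumed layout: ECCUser=<value>).
        String value = "n0MSlkL7ugtO84tH:n0MTL1Z9YZSMSolB:testUser";

        System.out.println("raw value, strict read : " + strictValue(value));
        String wire = encode(value);
        System.out.println("encoded value on wire  : " + wire);
        String roundTrip = decode(strictValue(wire));
        System.out.println("strict read, decoded   : " + roundTrip);
        System.out.println("login name             : " + loginName(roundTrip));
    }
}
```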



DO NOT REPLY [Bug 48409] Cookie information is stripped after colon

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48409

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jelmer@jteam.nl

--- Comment #4 from Mark Thomas <ma...@apache.org> 2011-05-01 09:39:54 UTC ---
*** Bug 51138 has been marked as a duplicate of this bug. ***
