You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/01/23 10:52:16 UTC
[Bug 60627] New: Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
https://bz.apache.org/bugzilla/show_bug.cgi?id=60627
Bug ID: 60627
Summary: Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
Product: Tomcat 8
Version: 8.5.8
Hardware: PC
Status: NEW
Severity: minor
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: ales_d@seznam.cz
Target Milestone: ----
Our client (NGi/GVP Media Control Platform (Build: 8.5.150.63)) sends following
Cookie header with request:
Cookie: $Version="0"; JSESSIONID=3BE951FE7F4A2BA1A47390E6674256A3.WH5;
$Path=/ivr-csob
The cookie is not processed however and new session is created. If the
JSESSIONID cookie goes before the $Version cookie it understood.
The old LegacyCookieProcessor can understand it - so we have forced the
application to use it.
I'm aware that the Cookie hewader is not RFC6265 compliant, but it would be
nice if it tired to process all cookies specified in the header and not fail
after first parsing error. From this point of view is the new processor less
lenient thatn the old one.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60627
Michael Osipov <19...@gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
CC| |1983-01-06@gmx.net
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60627
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- trunk for 9.0.0.M18 onwards
- 8.5.x for 8.5.12 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60627
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
The RFC6265 parser switches to RFC2109 rules if it sees $Version="1". It
currently treats any other version as unknown and rejects the header.
We could configure the RFC6265 parser to parse version 0 either with the
RFC2109 parser or the RFC6265 parser. I'm leaning towards RFC2109 but I'd like
to give this a little more thought. Also, any feedback would be very welcome.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all
following cookies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60627
--- Comment #1 from Ales Dolecek <al...@seznam.cz> ---
The format used by the client is RFC 2109 or RFC 2965. So I guess it was
probably dropped from Rfc6265CookieProcessor intentionally.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org