You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/01/23 10:52:16 UTC

[Bug 60627] New: Wrong cookie makes Rfc6265CookieProcessor ommit all following cookies

https://bz.apache.org/bugzilla/show_bug.cgi?id=60627

            Bug ID: 60627
           Summary: Wrong cookie makes Rfc6265CookieProcessor ommit all
                    following cookies
           Product: Tomcat 8
           Version: 8.5.8
          Hardware: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: ales_d@seznam.cz
  Target Milestone: ----

Our client (NGi/GVP Media Control Platform (Build: 8.5.150.63)) sends following
Cookie header with request:

Cookie: $Version="0"; JSESSIONID=3BE951FE7F4A2BA1A47390E6674256A3.WH5;
$Path=/ivr-csob

The cookie is not processed however and new session is created. If the
JSESSIONID cookie goes before the $Version cookie it understood.

The old LegacyCookieProcessor can understand it - so we have forced the
application to use it.

I'm aware that the Cookie hewader is not RFC6265 compliant, but it would be
nice if it tired to process all cookies specified in the header and not fail
after first parsing error. From this point of view is the new processor less
lenient thatn the old one.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all following cookies

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60627

Michael Osipov <19...@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
                 CC|                            |1983-01-06@gmx.net

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all following cookies

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60627

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- trunk for 9.0.0.M18 onwards
- 8.5.x for 8.5.12 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all following cookies

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60627

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
The RFC6265 parser switches to RFC2109 rules if it sees $Version="1". It
currently treats any other version as unknown and rejects the header.

We could configure the RFC6265 parser to parse version 0 either with the
RFC2109 parser or the RFC6265 parser. I'm leaning towards RFC2109 but I'd like
to give this a little more thought. Also, any feedback would be very welcome.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 60627] Wrong cookie makes Rfc6265CookieProcessor ommit all following cookies

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60627

--- Comment #1 from Ales Dolecek <al...@seznam.cz> ---
The format used by the client is RFC 2109 or RFC 2965. So I guess it was
probably dropped from Rfc6265CookieProcessor intentionally.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org