You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Lenny Karpel <lk...@Eloquent.com> on 2002/08/30 20:14:32 UTC

Question about the processing of Cookie: headers.

Hello ..
 
One of my compatriots is having a problem with a 3rd party peice of software
that attempting to access a Tomcat 4.0.4 server.
 
The 3rd party software .. acting as a client .. is sending a requst with a
cookie: header with the following value ..
 
    JSESSIONID=F40180928E56604E197E25DEA7C4EF6F; domain=null; path=/ecs
 
Tomcat 4.0.4 complains with an IllegalArgumentException exception  ..
 
The exception occurs in the Coyote adaptor.. 
 
    org.apache.coyote.tomcat4CoyoteAdapter
 
in method parseCookies .. when 'copying' the cookies for the current request
.. calling 'new Cookie()' ..
 
>From rfc 2109 the cookie header does appear to be 'wrong' since domain and
path .. in this case .. should be $Domain and $Path ..
 
However .. there is code in the jakarta-servletapi ..
javax.servlet.http.Cookie .. that I do have a question about ..
 
The code for the Cookie constructor disallows cookies with the names of the
set-cookie attribute values .. this is what is causing the above exception
..
 
Sooo .. the question is: Where in rfc 2109 does it say that cookie names
cannot be the names of the set-cookie attribute values ??
 
While I have reported back to the 3rd party that thier software has
'problems' .. I dont understand why Tomcat is performing the tests specified
in the code ..
 
If anyone could comment on this .. it would be greatly appreciated ..
 
Len