You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2010/05/05 15:56:55 UTC

DO NOT REPLY [Bug 49252] New: Reading a cookie with an '=' in the value is truncated

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

           Summary: Reading a cookie with an '=' in the value is truncated
           Product: Tomcat 6
           Version: 6.0.24
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: alex.objelean@gmail.com


Simple JSP that reproduces the issue

If you set a cookie in a JSP that has an '=' character in the value, reading
that
cookie in subsequent loads truncates at the apostrophe.

Reading the cookie fails even if the cookie was set client side or was
pre-existing.

I've attached a very simple testcase.jsp page

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

Konstantin Kolinko <kn...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |DUPLICATE

--- Comment #6 from Konstantin Kolinko <kn...@gmail.com> 2010-05-05 10:42:24 EDT ---
1. You should search first, before submitting an issue. See bug 44679
2. testcase.jsp is not attached
3. There is a configuration option to allow equal signs in a cookie value,
since 6.0.24, see
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html

*** This bug has been marked as a duplicate of bug 44679 ***

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

Alex Objelean <al...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #3 from Alex Objelean <al...@gmail.com> 2010-05-05 10:10:16 EDT ---
Not using Base64 character is not an option for us. Is there a work around for
this problem?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

--- Comment #5 from Alex Objelean <al...@gmail.com> 2010-05-05 10:39:24 EDT ---
(In reply to comment #4)
> (In reply to comment #3)
> > Not using Base64 character is not an option for us. Is there a work around for
> > this problem?
> 
> To repeat what the man said:
> 
> "Please read the archives or ask on the users list if you need further
> assistance."
> 
> Bugzilla is not an appropriate forum for discussing application and
> configuration issues.
> 
>  - Chuck

Thank you Chuck. You are very kind and helpful :)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

--- Comment #2 from Alex Objelean <al...@gmail.com> 2010-05-05 10:04:23 EDT ---
(In reply to comment #1)
> Such a cookie is not specification compliant. Please read the archives or ask
> on the users list if you need further assistance.

But this used to work on tomcat-6.0.16. The problem is that we encode a base64
value into a cookie and it does contain such characters. It is critical for our
application.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

--- Comment #7 from Alex Objelean <al...@gmail.com> 2010-05-05 11:14:40 EDT ---
(In reply to comment #6)
> 1. You should search first, before submitting an issue. See bug 44679
> 2. testcase.jsp is not attached
> 3. There is a configuration option to allow equal signs in a cookie value,
> since 6.0.24, see
> http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html
> 
> *** This bug has been marked as a duplicate of bug 44679 ***

Thanks Konstantin!
The org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true solved my problem.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Mark Thomas <ma...@apache.org> 2010-05-05 10:01:12 EDT ---
Such a cookie is not specification compliant. Please read the archives or ask
on the users list if you need further assistance.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 49252] Reading a cookie with an '=' in the value is truncated

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49252

--- Comment #4 from Chuck Caldarale <ch...@unisys.com> 2010-05-05 10:30:41 EDT ---
(In reply to comment #3)
> Not using Base64 character is not an option for us. Is there a work around for
> this problem?

To repeat what the man said:

"Please read the archives or ask on the users list if you need further
assistance."

Bugzilla is not an appropriate forum for discussing application and
configuration issues.

 - Chuck

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org