You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Jean-frederic Clere <jf...@gmail.com> on 2006/06/16 23:35:07 UTC

rfc2109 and TC cookies

Hi,

I have been reading rfc2109 it gives an examples of cooky like (as the 
spec's states):
+++
Cookie: $Version="1"; Part_Number="Rocket_Launcher_0001"; $Path="/acme"
+++

But TC sends:
+++
jfclere@jfcexpert:~/apache-tomcat-5.5.15$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /servlets-examples/servlet/SessionExample HTTP/1.1
Host: localhost

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7C9C55FDF8C059730F723F1BB6A4DCEE; 
Path=/servlets-examples
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1272
Date: Fri, 16 Jun 2006 21:09:13 GMT

<html>
+++

Are both Path and $Path correct?
BTW: In mod_jk it seems we ignore Path, is that correct?
The idea behind is to understand how to process something like:
JSESSIONID=bli; Path=/a/b
JSESSIONID=bla; Path=/a


Cheers

Jean-Frederic

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: rfc2109 and TC cookies

Posted by Jean-frederic Clere <jf...@gmail.com>.

Filip Hanik - Dev Lists wrote:

> Jean-frederic Clere wrote:
>
>> Hi,
>>
>> I have been reading rfc2109 it gives an examples of cooky like (as 
>> the spec's states):
>> +++
>> Cookie: $Version="1"; Part_Number="Rocket_Launcher_0001"; $Path="/acme"
>> +++
>
> not sure where that syntax comes from, from what I read it looks
> 4.2.2 Set-Cookie Syntax
>
>
>   The syntax for the Set-Cookie response header is
>
>   set-cookie      =       "Set-Cookie:" cookies
>   cookies         =       1#cookie
>   cookie          =       NAME "=" VALUE *(";" cookie-av)
>   NAME            =       attr
>   VALUE           =       value
>   cookie-av       =       "Comment" "=" value
>                   |       "Domain" "=" value
>                   |       "Max-Age" "=" value
>                   |       "Path" "=" value
>                   |       "Secure"
>                   |       "Version" "=" 1*DIGIT
>
> without the "$"

Yep. The "browser" send $Path and the server Path, sorry my bad.

Cheers

Jean-Frederic

>>
>> But TC sends:
>> +++
>> jfclere@jfcexpert:~/apache-tomcat-5.5.15$ telnet localhost 8080
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> GET /servlets-examples/servlet/SessionExample HTTP/1.1
>> Host: localhost
>>
>> HTTP/1.1 200 OK
>> Server: Apache-Coyote/1.1
>> Set-Cookie: JSESSIONID=7C9C55FDF8C059730F723F1BB6A4DCEE; 
>> Path=/servlets-examples
>> Content-Type: text/html;charset=ISO-8859-1
>> Content-Length: 1272
>> Date: Fri, 16 Jun 2006 21:09:13 GMT
>>
>> <html>
>> +++
>>
>> Are both Path and $Path correct?
>
> see above, correct is Path
>
>> BTW: In mod_jk it seems we ignore Path, is that correct?
>
> mod_jk only reads the cookie, the Path is something that the browser 
> looks at to decide whether to send the cookie to the server or not
>
>> The idea behind is to understand how to process something like:
>> JSESSIONID=bli; Path=/a/b
>> JSESSIONID=bla; Path=/a
>
> I think the cookie name is unique, you can't have two cookies with the 
> same name
>
>>
>>
>> Cheers
>>
>> Jean-Frederic
>
> Filip
>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

RE: rfc2109 and TC cookies

Posted by Bill Barker <wb...@wilshire.com>.

 

> -----Original Message-----
> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
> Sent: Friday, June 16, 2006 2:50 PM
> To: Tomcat Developers List
> Subject: Re: rfc2109 and TC cookies
> 
> Jean-frederic Clere wrote:
> > Hi,
> >
> > I have been reading rfc2109 it gives an examples of cooky 
> like (as the 
> > spec's states):
> > +++
> > Cookie: $Version="1"; Part_Number="Rocket_Launcher_0001"; 
> $Path="/acme"
> > +++
> not sure where that syntax comes from, from what I read it looks
> 4.2.2 Set-Cookie Syntax
> 
> 
>    The syntax for the Set-Cookie response header is
> 
>    set-cookie      =       "Set-Cookie:" cookies
>    cookies         =       1#cookie
>    cookie          =       NAME "=" VALUE *(";" cookie-av)
>    NAME            =       attr
>    VALUE           =       value
>    cookie-av       =       "Comment" "=" value
>                    |       "Domain" "=" value
>                    |       "Max-Age" "=" value
>                    |       "Path" "=" value
>                    |       "Secure"
>                    |       "Version" "=" 1*DIGIT
> 
> without the "$"

Yes, Set-Cookie is like this.  It's the Cookie Header that has the $Path in
it.  Most browsers don't bother to send the $Path with the Cookie Header,
but Tomcat would handle it correctly if one did.  

> >
> > But TC sends:
> > +++
> > jfclere@jfcexpert:~/apache-tomcat-5.5.15$ telnet localhost 8080
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET /servlets-examples/servlet/SessionExample HTTP/1.1
> > Host: localhost
> >
> > HTTP/1.1 200 OK
> > Server: Apache-Coyote/1.1
> > Set-Cookie: JSESSIONID=7C9C55FDF8C059730F723F1BB6A4DCEE; 
> > Path=/servlets-examples
> > Content-Type: text/html;charset=ISO-8859-1
> > Content-Length: 1272
> > Date: Fri, 16 Jun 2006 21:09:13 GMT
> >
> > <html>
> > +++
> >
> > Are both Path and $Path correct?
> see above, correct is Path
> > BTW: In mod_jk it seems we ignore Path, is that correct?
> mod_jk only reads the cookie, the Path is something that the browser 
> looks at to decide whether to send the cookie to the server or not
> > The idea behind is to understand how to process something like:
> > JSESSIONID=bli; Path=/a/b
> > JSESSIONID=bla; Path=/a
> I think the cookie name is unique, you can't have two cookies 
> with the 
> same name
> >
> >
> > Cheers
> >
> > Jean-Frederic
> Filip
> 
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: dev-help@tomcat.apache.org
> >
> >
> 
> 
> -- 
> 
> 
> Filip Hanik
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> 
> 



This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: rfc2109 and TC cookies

Posted by Filip Hanik - Dev Lists <de...@hanik.com>.

Jean-frederic Clere wrote:
> Hi,
>
> I have been reading rfc2109 it gives an examples of cooky like (as the 
> spec's states):
> +++
> Cookie: $Version="1"; Part_Number="Rocket_Launcher_0001"; $Path="/acme"
> +++
not sure where that syntax comes from, from what I read it looks
4.2.2 Set-Cookie Syntax


   The syntax for the Set-Cookie response header is

   set-cookie      =       "Set-Cookie:" cookies
   cookies         =       1#cookie
   cookie          =       NAME "=" VALUE *(";" cookie-av)
   NAME            =       attr
   VALUE           =       value
   cookie-av       =       "Comment" "=" value
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT

without the "$"
>
> But TC sends:
> +++
> jfclere@jfcexpert:~/apache-tomcat-5.5.15$ telnet localhost 8080
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> GET /servlets-examples/servlet/SessionExample HTTP/1.1
> Host: localhost
>
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Set-Cookie: JSESSIONID=7C9C55FDF8C059730F723F1BB6A4DCEE; 
> Path=/servlets-examples
> Content-Type: text/html;charset=ISO-8859-1
> Content-Length: 1272
> Date: Fri, 16 Jun 2006 21:09:13 GMT
>
> <html>
> +++
>
> Are both Path and $Path correct?
see above, correct is Path
> BTW: In mod_jk it seems we ignore Path, is that correct?
mod_jk only reads the cookie, the Path is something that the browser 
looks at to decide whether to send the cookie to the server or not
> The idea behind is to understand how to process something like:
> JSESSIONID=bli; Path=/a/b
> JSESSIONID=bla; Path=/a
I think the cookie name is unique, you can't have two cookies with the 
same name
>
>
> Cheers
>
> Jean-Frederic
Filip

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>


-- 


Filip Hanik

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org