Posted to dev@tomcat.apache.org by bu...@apache.org on 2013/08/06 20:03:25 UTC
[Bug 55371] New: Cookies retrieved from tomcat server is not correct
https://issues.apache.org/bugzilla/show_bug.cgi?id=55371
Bug ID: 55371
Summary: Cookies retrieved from tomcat server is not correct
Product: Tomcat 6
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: raginiSingh.2006@gmail.com
Hi,
I am using Tomcat 5.5.23 on RHEL5 and I am facing the same issue. The cookie we
use is encrypted and looks like:
"gAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Aawg4AC4AMQAwABT+Np6GOVSAJB8Qx02=="
When the cookie is retrieved it loses the "==" at the end.
We are also using
Tomcat 4.1.24, Tomcat 6.0.14 on Solaris machines
Tomcat 6.0.2 on Windows
and the same piece of code is working fine there and the cookie is retrieved
correctly. I wanted to know if there is a fix for this in Tomcat 5.5.x version
or will I need to upgrade to higher versions of Tomcat. This step is critical
in our application.
Thank you,
RS
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 55371] Cookies retrieved from tomcat server is not correct
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55371
--- Comment #2 from raginiSingh.2006@gmail.com ---
Thank you Nick for the response. We are in the process of upgrading and I wanted
to know which latest version of Tomcat would resolve this issue.
RS
[Bug 55371] Cookies retrieved from tomcat server is not correct
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55371
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Your cookie is invalid. The specifications do not permit the equals character
in a cookie value unless the value is correctly quoted.
Newer versions of Tomcat support the
org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE system property
but be aware allowing equals characters may introduce security issues.
The users list is the place to ask if you need more help.
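One way for an application to avoid the problem described in comment #3 without enabling ALLOW_EQUALS_IN_VALUE, shown as an added example that is not part of the original thread or of Tomcat's code: encode the cookie bytes as URL-safe Base64 without padding, so the value contains no separator characters at all. The class and method names are hypothetical, the sample bytes are constructed, and Java 8 or later is assumed for java.util.Base64.

```java
import java.util.Arrays;
import java.util.Base64;

// Added example; CookieValueCodec and its methods are hypothetical names,
// not Tomcat APIs.
public class CookieValueCodec {
    // Separators from the RFC 2616 "token" grammar, which RFC 2109 uses for
    // unquoted cookie values. '=' is one of them.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    /** True if the value can be sent unquoted under the token grammar. */
    static boolean isToken(String value) {
        if (value.isEmpty()) return false;
        for (char c : value.toCharArray()) {
            // Reject control characters, space, non-ASCII and separators.
            if (c <= 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) return false;
        }
        return true;
    }

    /** URL-safe Base64 without '=' padding: A-Z a-z 0-9 '-' '_' only. */
    static String encode(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /** java.util.Base64 decoders accept input whose padding was omitted. */
    static byte[] decode(String cookieValue) {
        return Base64.getUrlDecoder().decode(cookieValue);
    }

    public static void main(String[] args) {
        // Constructed 16-byte sample standing in for the encrypted payload.
        // 16 % 3 == 1, so standard Base64 pads it with "==".
        byte[] raw = new byte[16];
        for (int i = 0; i < raw.length; i++) raw[i] = (byte) (0xF0 + i);

        String padded = Base64.getEncoder().encodeToString(raw);
        String safe = encode(raw);

        System.out.println("standard: " + padded + " token=" + isToken(padded));
        System.out.println("url-safe: " + safe + " token=" + isToken(safe));
        System.out.println("round trip ok=" + Arrays.equals(raw, decode(safe)));
    }
}
```

Running isToken over every cookie value before it is set catches values that a strict cookie parser would truncate or reject.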
[Bug 55371] Cookies retrieved from tomcat server is not correct
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55371
--- Comment #1 from Nick Williams <ni...@nicholaswilliams.net> ---
Tomcat 4.1.x is 9 years old and hasn't been supported for years. Any system
running it is extremely vulnerable and must upgrade immediately. We cannot help
you with it.
Tomcat 5.5 is 9 years old and 5.5.23 is 5 years old. Support ended for the
5.5 line in September of 2012. Any system running it is extremely vulnerable
and must upgrade immediately.
Tomcat 6.0.2 and 6.0.14 are both 6 years old. Any system running them is
extremely vulnerable and must upgrade immediately. The latest Tomcat 6 version
is 6.0.37. You should be running it or, better, 7.0.42.
There have been thousands of bugs fixed since the versions you are using, and
the problem you are indicating is likely one of them. Please upgrade.