You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by "Park, Sung-Gu" <je...@thinkfree.com> on 2001/02/07 08:31:33 UTC

Re: Problem with Microsoft Cookies

Hi, BC

I made a patch to solve the cookie problem.
Please, notice that HeaderElement.java is changed.

Well, I don't think we need to have the code to related  the variables,
EPARATORS, TOKEN_CHAR,UNSAFE_CHAR.

Thanks,

Sung-Gu

=====================================================

Cookie.java

> import java.text.SimpleDateFormat;
> import java.text.ParsePosition;
<snip>

    protected static Cookie[] parse(String domain, Header setCookie)
<snip>

<                       name.equals("comment")) &&
---
>                       name.equals("comment") || name.equals("expires")) &&
<snip>

>                 } else if (name.equals("expires")) {
>                     /*
>                      * Following to RFC 2109 for cookie,
>                      * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS
GMT".
>                      * there is one more?  Wdy, DD-Mon-YYYY HH:MM:SS GMT
>                      */
>                     SimpleDateFormat formatter
>                         = new SimpleDateFormat ("EEE, dd-MMM-yyyyy
HH:mm:ss  z");
>                     String expiryDate = parameters[j].getValue();
>                     ParsePosition pos = new ParsePosition(0);
>                     Date date = formatter.parse(expiryDate, pos);
>                     cookie.setExpiryDate(date);

=============================================================

HeaderElement.java

    public final static HeaderElement[] parse(String headerValue)
<snip>
>
>                 /*
>                  * Following to RFC 2109 for cookie,
>                  * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS
GMT".
>                  * Notice that there is ','.
>                  */
>                 if (nextToken.trim().toLowerCase().indexOf("expires") > 0)
{
>                     nextToken += tokenizer.nextToken(";");
>                 }
>
>                /*
>                 * To make it without the problem with Microsoft Cookies
>                 */
>                if (nextToken.trim().toLowerCase().indexOf("sessionid") >
0) {
>                    nextToken += tokenizer.nextToken(";");
>                }


<snip>
    private final static boolean hasOddNumberOfQuotationMarks(String string)
{
        boolean odd = false;

<         return false;
---
>         return odd;



----- Original Message -----
From: "B.C. Holmes" <bc...@roxton.com>
To: "Slide Developer's" <sl...@jakarta.apache.org>
Sent: Friday, January 05, 2001 2:13 PM
Subject: Re: Problem with Microsoft Cookies


| "B.C. Holmes" wrote:
| >
| > satan@totalsync.com wrote:
| > > [about a NullPointerException using cookies and IIS 5.0]
| > >
| > > The cookie Header that it sent to me looks like:
| > > Set-Cookie: sessionid=ed91fc85-4b03-41e8-8fae-988908a8b4b4,0x0;
| > > path=/folder1/folder2
| > >
| > > I believe that it is choking on the ",0x0;" portion, but I am not
sure.
| > > Any ideas?
| >
| >      You're almost certainly correct about it choking there, as I
| > believe that the Set-Cookie header violates the spec.  A cookie isn't
| > supposed to contain a "," because the comma is used as the separator
| > between different cookies.  Thus, the code thinks that 0x0 is the name
| > of a cookie, and is probably throwing a NullPointerException because
| > that cookie has no value.  (Yeah, at the very least, it should throw a
| > WebdavException indicating that the cookie is badly formatted).
| >
| >      So, if my recollection of the spec is correct, then it's not
| > going to be easy to fix this.  But IIS is too significant a server to
| > ignore.  Hurm...
|
|      Okay, just to be sure... is the IIS server itself generating the
| sessionid, or is there some application code running on the server
| that is generating the sessionid?
|
|      The spec (RFC 2109) says that cookies must follow this format:
|
| Set-Cookie: attr "=" value *(";" parameters)
|
| attr           = token
|
| value          = token | quoted-string
|
| token          = 1*<any CHAR except CTLs or tspecials>
|
| tspecials      = "(" | ")" | "<" | ">" | "@"
|                | "," | ";" | ":" | "\" | <">
|                | "/" | "[" | "]" | "?" | "="
|                | "{" | "}" | SP | HT
|
| quoted-string  = ( <"> *(qdtext) <"> )
|
|      So to be valid, the Set-Cookie header should look like this:
|
| Set-Cookie: sessionid="ed91fc85-4b03-41e8-8fae-988908a8b4b4,0x0";
| path="/folder1/folder2"
|
|      There is a note in the specification suggesting caution about
| sending quotation marks to clients unless you know that the client
| supports quotation marks... but it doesn't appear to provide any
| guidance about sending values that contain commas.
|
| Still thinking,
| BCing you
| --
| B.C. Holmes             \u2625               http://www.bcholmes.org/
| "What makes the hottentot so hot?  Who put the ape in apricot?
|  Whadda they got that I ain't got?"
|            - The Cowardly Lion, _The Wizard of Oz_
|