You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by "Park, Sung-Gu" <je...@thinkfree.com> on 2001/02/07 08:31:33 UTC
Re: Problem with Microsoft Cookies
Hi, BC
I made a patch to solve the cookie problem.
Please, notice that HeaderElement.java is changed.
Well, I don't think we need to have the code to related the variables,
EPARATORS, TOKEN_CHAR,UNSAFE_CHAR.
Thanks,
Sung-Gu
=====================================================
Cookie.java
> import java.text.SimpleDateFormat;
> import java.text.ParsePosition;
<snip>
protected static Cookie[] parse(String domain, Header setCookie)
<snip>
< name.equals("comment")) &&
---
> name.equals("comment") || name.equals("expires")) &&
<snip>
> } else if (name.equals("expires")) {
> /*
> * Following to RFC 2109 for cookie,
> * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS
GMT".
> * there is one more? Wdy, DD-Mon-YYYY HH:MM:SS GMT
> */
> SimpleDateFormat formatter
> = new SimpleDateFormat ("EEE, dd-MMM-yyyyy
HH:mm:ss z");
> String expiryDate = parameters[j].getValue();
> ParsePosition pos = new ParsePosition(0);
> Date date = formatter.parse(expiryDate, pos);
> cookie.setExpiryDate(date);
=============================================================
HeaderElement.java
public final static HeaderElement[] parse(String headerValue)
<snip>
>
> /*
> * Following to RFC 2109 for cookie,
> * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS
GMT".
> * Notice that there is ','.
> */
> if (nextToken.trim().toLowerCase().indexOf("expires") > 0)
{
> nextToken += tokenizer.nextToken(";");
> }
>
> /*
> * To make it without the problem with Microsoft Cookies
> */
> if (nextToken.trim().toLowerCase().indexOf("sessionid") >
0) {
> nextToken += tokenizer.nextToken(";");
> }
<snip>
private final static boolean hasOddNumberOfQuotationMarks(String string)
{
boolean odd = false;
< return false;
---
> return odd;
----- Original Message -----
From: "B.C. Holmes" <bc...@roxton.com>
To: "Slide Developer's" <sl...@jakarta.apache.org>
Sent: Friday, January 05, 2001 2:13 PM
Subject: Re: Problem with Microsoft Cookies
| "B.C. Holmes" wrote:
| >
| > satan@totalsync.com wrote:
| > > [about a NullPointerException using cookies and IIS 5.0]
| > >
| > > The cookie Header that it sent to me looks like:
| > > Set-Cookie: sessionid=ed91fc85-4b03-41e8-8fae-988908a8b4b4,0x0;
| > > path=/folder1/folder2
| > >
| > > I believe that it is choking on the ",0x0;" portion, but I am not
sure.
| > > Any ideas?
| >
| > You're almost certainly correct about it choking there, as I
| > believe that the Set-Cookie header violates the spec. A cookie isn't
| > supposed to contain a "," because the comma is used as the separator
| > between different cookies. Thus, the code thinks that 0x0 is the name
| > of a cookie, and is probably throwing a NullPointerException because
| > that cookie has no value. (Yeah, at the very least, it should throw a
| > WebdavException indicating that the cookie is badly formatted).
| >
| > So, if my recollection of the spec is correct, then it's not
| > going to be easy to fix this. But IIS is too significant a server to
| > ignore. Hurm...
|
| Okay, just to be sure... is the IIS server itself generating the
| sessionid, or is there some application code running on the server
| that is generating the sessionid?
|
| The spec (RFC 2109) says that cookies must follow this format:
|
| Set-Cookie: attr "=" value *(";" parameters)
|
| attr = token
|
| value = token | quoted-string
|
| token = 1*<any CHAR except CTLs or tspecials>
|
| tspecials = "(" | ")" | "<" | ">" | "@"
| | "," | ";" | ":" | "\" | <">
| | "/" | "[" | "]" | "?" | "="
| | "{" | "}" | SP | HT
|
| quoted-string = ( <"> *(qdtext) <"> )
|
| So to be valid, the Set-Cookie header should look like this:
|
| Set-Cookie: sessionid="ed91fc85-4b03-41e8-8fae-988908a8b4b4,0x0";
| path="/folder1/folder2"
|
| There is a note in the specification suggesting caution about
| sending quotation marks to clients unless you know that the client
| supports quotation marks... but it doesn't appear to provide any
| guidance about sending values that contain commas.
|
| Still thinking,
| BCing you
| --
| B.C. Holmes \u2625 http://www.bcholmes.org/
| "What makes the hottentot so hot? Who put the ape in apricot?
| Whadda they got that I ain't got?"
| - The Cowardly Lion, _The Wizard of Oz_
|