You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/10/05 22:01:22 UTC
[Bug 60208] New: Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
Bug ID: 60208
Summary: Regression: Cookies whose names match the web
application context are now missing from
request.getCookies() result
Product: Tomcat 8
Version: 8.5.5
Hardware: PC
OS: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: reda.housnialaoui@gmail.com
Suppose I have an application running at context path '/my-webapp'.
Then I create a basic cookie with name '/my-webapp'.
With Tomcat 8.0.33:
When I try to retrieve it from the application with request.getCookies(), the
cookie is present.
With Tomcat 8.5.5:
When I try to retrieve it from the application with request.getCookies(), the
cookie is missing.
All tests were run on Chrome and Firefox. Both browsers always send the wanted
cookie according to their developer panels.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60208] Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|REOPENED |RESOLVED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
This has been fixed in the following branches:
- 9.0.x for 9.0.0.M11 onwards
- 8.5.x for 8.5.6 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60208] Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
--- Comment #5 from Réda Housni Alaoui <re...@gmail.com> ---
Thank you
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60208] Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|INVALID |---
Status|RESOLVED |REOPENED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Agreed. Generation and parsing should be consistent. '/' was an edge case that
wasn't handled correctly. I'll get that fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60208] Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
--- Comment #2 from Réda Housni Alaoui <re...@gmail.com> ---
Hello,
Ok I understand.
But why does Tomcat 8.5.5 correctly create the cookie with '/' in its name when
the application asks it?
Don't you think an exception should be thrown at cookie creation in this case?
I think this behaviour lack of consistency.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60208] Regression: Cookies whose names match the web
application context are now missing from request.getCookies() result
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60208
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
As of Tomcat 8.5.x, cookies are processed as per RFC6265.
'/' is not a valid character for a cookie name in RFC6265 so the cookie will be
ignored.
You have the option of fixing the broken cookie or configuring Tomcat to use
the legacy cookie parser.
Further support is available from the Tomcat users mailing list.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org