You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Stuart Roebuck <st...@adolos.co.uk> on 2001/12/07 14:33:07 UTC

[4.0.1+][PATCH] http10/HttpProcessor.java - lost cookies bug

I've been loosing cookies running Cocoon under Tomcat 4 and have tracked 
the problem down to the HTTP 1.0 Processor class.

The current code throws away any cookies after the first session id is 
found.

Here's a patch which aught to work:

> Index: 
> catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.java
> ===================================================================
> RCS file: /home/cvspublic/jakarta-
> tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java,v
> retrieving revision 1.5
> diff -u -r1.5 HttpProcessor.java
> --- catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java	2001/11/09 19:38:44	1.5
> +++ catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java	2001/12/07 13:03:26
> @@ -464,16 +464,16 @@
>                  for (int i = 0; i < cookies.length; i++) {
>                      if (cookies[i].getName().equals
>                          (Globals.SESSION_COOKIE_NAME)) {
> -
> -                        // Override anything requested in the URL
> -                        
> request.setRequestedSessionId(cookies[i].getValue());
> -                        request.setRequestedSessionCookie(true);
> -                        request.setRequestedSessionURL(false);
> -                        if (debug >= 1)
> -                          log(" Requested cookie session id is " +
> -                              ((HttpServletRequest) 
> request.getRequest()).getRequestedSessionId());
> -                        break;  // Accept only the first session id value
> -
> +                        // If there is more than one session id cookie, 
> only use the first one.
> +                        if (!request.isRequestedSessionIdFromCookie()   
>                     ) {
> +                            // Override anything requested in the URL
> +                            
> request.setRequestedSessionId(cookies[i].getValue());
> +                            request.setRequestedSessionCookie(true);
> +                            request.setRequestedSessionURL(false);
> +                            if (debug >= 1)
> +                            log(" Requested cookie session id is " +
> +                                ((HttpServletRequest) request.getRequest(
> )).getRequestedSessionId());
> +                        }
>                      }
>                      request.addCookie(cookies[i]);
>                  }

Re: [4.0.1+][PATCH] http10/HttpProcessor.java - lost cookies bug

Posted by Stuart Roebuck <st...@adolos.co.uk>.

Apologies for a small bug in my last patch, I looked at the number of 
extra libraries you have to install in the installation read me and 
thought, "ahhhhhhhhh!".  Consequently I hadn't tried the code and missed 
off a cast.

Here's the new patch, I ended up compiling it on it's own, unpacking the 
existing JAR and substituting in the new class, and it seems to work.

Stuart.

> Index: 
> catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.java
> ===================================================================
> RCS file: /home/cvspublic/jakarta-
> tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java,v
> retrieving revision 1.5
> diff -u -r1.5 HttpProcessor.java
> --- catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java	2001/11/09 19:38:44	1.5
> +++ catalina/src/share/org/apache/catalina/connector/http10/HttpProcessor.
> java	2001/12/07 14:59:53
> @@ -464,16 +464,16 @@
>                  for (int i = 0; i < cookies.length; i++) {
>                      if (cookies[i].getName().equals
>                          (Globals.SESSION_COOKIE_NAME)) {
> -
> -                        // Override anything requested in the URL
> -                        
> request.setRequestedSessionId(cookies[i].getValue());
> -                        request.setRequestedSessionCookie(true);
> -                        request.setRequestedSessionURL(false);
> -                        if (debug >= 1)
> -                          log(" Requested cookie session id is " +
> -                              ((HttpServletRequest) 
> request.getRequest()).getRequestedSessionId());
> -                        break;  // Accept only the first session id value
> -
> +                        // If there is more than one session id cookie, 
> only use the first one.
> +                        if (!( (HttpRequestImpl) 
> request).isRequestedSessionIdFromCookie()) {
> +                            // Override anything requested in the URL
> +                            
> request.setRequestedSessionId(cookies[i].getValue());
> +                            request.setRequestedSessionCookie(true);
> +                            request.setRequestedSessionURL(false);
> +                            if (debug >= 1)
> +                            log(" Requested cookie session id is " +
> +                                ((HttpServletRequest) request.getRequest(
> )).getRequestedSessionId());
> +                        }
>                      }
>                      request.addCookie(cookies[i]);
>                  }