Application Server 7
  1. Application Server 7
  2. AS7-1625

Cookies version 0 value rejected by org.apache.tomcat.util.http.Cookies

    Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: 7.0.1.Final, 7.1.1.Final
    • Fix Version/s: 7.1.2.Final (EAP)
    • Component/s: Web
    • Labels:
    • Environment:
      standalone
    • Similar Issues:
      Show 10 results 

      Description

      I have a cookie in browser which was set for redhat.com, so my AS 7 on ozizka.brq.redhat.com is receiving it to.
      Now that "version 0" cookie contains characters illegal acc. to RFC-2109 and RFC-2068:

      Cookie: s_vi=[CS]v1|261............[CE];  ...
      

      AS 7 logs:

      22:18:13,365 INFO  [org.apache.tomcat.util.http.Cookies] (http--0.0.0.0-8080-2) Cookies: Invalid cookie. Value not a token or quoted value
      

      I haven't checked whether only the single value is discarded or all cookies.

      Possibly related: JBPAPP-5813

      Some related links:
      Discussion http://old.nabble.com/DO-NOT-REPLY--Bug-49525--New%3A-IE8%3A-Unabled-to-store-data-in-HttpSession-%28root-context%29-td29030364.html
      and bug https://issues.apache.org/bugzilla/show_bug.cgi?id=49525
      about Tomcat 7's bug.

        Activity

        Hide
        Ondrej Zizka
        added a comment -

        Still present in AS 7.1.1.

        Show
        Ondrej Zizka
        added a comment - Still present in AS 7.1.1.
        Hide
        Ondrej Zizka
        added a comment -

        Remy, could you please add a link to parser config? Or any way to avoid this other than logging config.

        Show
        Ondrej Zizka
        added a comment - Remy, could you please add a link to parser config? Or any way to avoid this other than logging config.
        Hide
        Ondrej Zizka
        added a comment - - edited

        org.apache.tomcat.util.http.Cookie#processCookieHeader() needs rewrite, IMO.

        Show
        Ondrej Zizka
        added a comment - - edited org.apache.tomcat.util.http.Cookie#processCookieHeader() needs rewrite, IMO.
        Hide
        Remy Maucherat
        added a comment -

        Why is using valid cookies never an option, and why is the server that doesn't accept them always getting the blame ?

        BTW, org.apache.tomcat.util.http.Cookie#processCookieHeader() is not getting rewritten since it got rewritten recently with plenty of options (like ALLOW_HTTP_SEPARATORS_IN_V0).

        Show
        Remy Maucherat
        added a comment - Why is using valid cookies never an option, and why is the server that doesn't accept them always getting the blame ? BTW, org.apache.tomcat.util.http.Cookie#processCookieHeader() is not getting rewritten since it got rewritten recently with plenty of options (like ALLOW_HTTP_SEPARATORS_IN_V0).
        Hide
        Ondrej Zizka
        added a comment -

        Ok, thanks for the hint which led me to:

        bin/standalone.sh -Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0=true
        

        which solves this. Closing.

        Show
        Ondrej Zizka
        added a comment - Ok, thanks for the hint which led me to: bin/standalone.sh -Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0= true which solves this. Closing.

          People

          • Assignee:
            Remy Maucherat
            Reporter:
            Ondrej Zizka
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: