https://issues.apache.org/bugzilla/show_bug.cgi?id=44705
Summary: Tomcat 5.5.26 - cookie with colon in name is parsed
incorrectly
Product: Tomcat 5
Version: 5.5.26
Platform: PC
OS/Version: Windows XP
Status: NEW
Keywords: RFC
Severity: critical
Priority: P1
Component: Servlet & JSP API
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Tomcat 5.5.26 appears to be incorrectly parsing cookies whose name contains a
colon (":"). The portion of the name that prefixes the colon remains, but the
value for the cookie is an empty string.
Tomcat 5.5.25 and earlier:
--------------------------
HTTP request contains header:
Cookie: JSESSIONID=87C7E668C6C15E2556C0977F6EAA9F4C; NFIS:profile=lang=en;
DACS:NFIS:NRCAN:dlewis=usjp1tigSqakP8BnWv
* When the HttpServletRequest.getCookies() is called, a Cookie[] is returned:
Cookie: name="JSESSIONID", value="J87C7E668C6C15E2556C0977F6EAA9F4C"
Cookie: name="NFIS:profile", value="lang:en"
Cookie: name="DACS:NFIS:NRCAN:dlewis", value="usjp1tigSqakP8BnWv"
Tomcat 5.5.26:
--------------
HTTP request contains header:
Cookie: JSESSIONID=87C7E668C6C15E2556C0977F6EAA9F4C; NFIS:profile=lang=en;
DACS:NFIS:NRCAN:dlewis=usjp1tigSqakP8BnWv
* When the HttpServletRequest.getCookies() is called, a Cookie[] is returned:
Cookie: name="JSESSIONID", value="J87C7E668C6C15E2556C0977F6EAA9F4C"
Cookie: name="NFIS", value=""
Cookie: name="DACS", value=""
This issue "breaks" many of the cookies that we use with our applications. The
only solution (for now) is to use Tomcat 5.5.25.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
