>Number: 3870 >Category: mod_jserv >Synopsis: cookie values are handled incorrect if "=" is within the value >Confidential: no >Severity: serious >Priority: medium >Responsible: jserv >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Feb 10 07:50:00 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: apache_1.2.6 >Environment: SunOS mattias.kontakt.slu.se 5.6 Generic_105181-08 sun4u sparc SUNW,Ultra-5_10 >Description: This is a bug that is fixed in JAVA-webserver 1.1.3
http://developer.java.sun.com/developer/bugParade/bugs/4174974.html It is to me not clear if it is a JSDK-bug or a bugg in jserv. >How-To-Repeat: Here is my copy of the SessionServlet-example that comes with JSDK: http://mattias.kontakt.slu.se/servlets/SessionServlet Go there and see that it works with session using cookies. Then _CLOSE_ Netscpae and add this row to your cookies.txt file: .slu.se TRUE / FALSE 2051222400 SITESERVER ID=f202122849dc7a9bc2e4f6d6848f05f5 Start Netscape again and go back to : http://mattias.kontakt.slu.se/servlets/SessionServlet Now only URL rewriting works, and not session using cookies! _CLOSE_ Netscpae again and edit the row in cookies.txt to: .slu.se TRUE / FALSE 2051222400 SITESERVER ID-f202122849dc7a9bc2e4f6d6848f05f5 Note ID=f202122849dc7a9bc2e4f6d6848f05f5 is changed to ID-f202122849dc7a9bc2e4f6d6848f05f5 Go back to the SessionServlet. Now sessions using cookies works again. The .slu.se-cookie is not set by my server. And I have no idea who sets that cookie. >Fix: There are ways to fix it described on: http://developer.java.sun.com/developer/bugParade/bugs/4174974.html >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
