Hiya
There has been some discussion about cookie parsing errors with
libapreq2 on the modperl list, and Joe Schafer said:
What version of apreq was this? And did you report it to the
apreq-dev@ mailing list?
While I have previously reported the errors I see to the modperl list, I
thought I'd send them here as well.
This is in apache 2.2.4 with libapreq2-2.08, on linux x86_64.
The code I use to parse the cookies is as follows:
------------------------------------------------------------------------
my $req = APR::Request::Apache2->handle( $self->r );
my %cookies;
if ( $req->jar_status =~ /^(?:Missing input data|Success)$/ ) {
my $jar = $req->jar;
foreach my $key ( keys %$jar ) {
$cookies{$key} = $jar->get($key);
}
}
## Send warning with headers to explain bad cookie
else {
warn( "COOKIE ERROR: "
. $req->jar_status . "\n"
. Data::Dumper::Dumper( $self->r->headers_in() ) );
}
------------------------------------------------------------------------
The headers which get passed back to my users look like this:
Set-Cookie:
SID=n4@@GcCoAzMAAF7rnv8AAAAC|d2cb80bdcfcb60a436f99d643349f3fe14e144ec; path=/;
domain=www.xxxx.com
Set-Cookie:
UID=n4@@GcCoAzMAAF7rnv8AAAAC|d2cb80bdcfcb60a436f99d643349f3fe14e144ec; path=/;
domain=www.xxxx.com; expires=Sun, 14-Feb-2010 13:06:36 GMT
We run various sites, all of which have Google Analytics plus usually
some other form of click tracking and advertising, which set their own
cookies.
Below are examples of Cookie headers that caused libapreq to throw one
of two errors:
Conflicting information:
------------------------
'UID=MTj9S8CoAzMAAFEq21YAAAAG|c85a9e59db92b261408eb7539ff7f949b92c7d58;
$Version=0;SID=MTj9S8CoAzMAAFEq21YAAAAG|c85a9e59db92b261408eb7539ff7f949b92c7d58;$Domain=www.xxxx.com;$Path=/'
'UID=Gh9VxX8AAAIAAHP7h6AAAAAC|2e809a9cc99c2dca778c385ebdefc5cb86c95dc3;
SID=Gh9VxX8AAAIAAHP7h6AAAAAC|2e809a9cc99c2dca778c385ebdefc5cb86c95dc3;
$Version=1'
'UID=hCijN8CoAzMAAGVDO2QAAAAF|50299f079343fd6146257c105b1370f2da78246a;
SID=hCijN8CoAzMAAGVDO2QAAAAF|50299f079343fd6146257c105b1370f2da78246a;
$Path="/"; $Domain="www.xxxx.com"'
Expected token not present:
---------------------------
'SID=66XUEH8AAAIAAFmLLRkAAAAV|2a48c4ae2e9fb8355e75192db211f0779bdce244;
UID=66XUEH8AAAIAAFmLLRkAAAAV|2a48c4ae2e9fb8355e75192db211f0779bdce244;
__utma=144149162.4479471199095321000.1234471650.1234471650.1234471650.1;
__utmb=144149162.24.10.1234471650; __utmc=144149162;
__utmz=144149162.1234471650.1.1.utmcsr=szukaj.xxxx.pl|utmccn=(referral)|utmcmd=referral|utmcct=/internet/0,0.html'
'WT_FPC=id=78.148.13.97-777714384.29979421:lv=1234389239171:ss=1234389209078;
UID=ndQ7wcCoAzMAADBMGcwAAAAD|b5258531df5af353b4a83d04ddad6b052a8866ec;
__utma=236807049.987764738711978600.1231894870.1234108075.1234389209.15;
__utmz=236807049.1232715122.8.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=www,xxxx.com'
'sid=...@x38aaaiaafmfgtqaaaaj|c1cabdde0a4f88c471ee7f1b1c3542138f4c61f2;
uid=...@x38aaaiaafmfgtqaaaaj|c1cabdde0a4f88c471ee7f1b1c3542138f4c61f2;
__utma=144149162.4479471199095321000.1234471650.1234471650.1234471650.1;
__utmb=144149162.24.10.1234471650; __utmc=144149162;
__utmz=144149162.1234471650.1.1.utmcsr=szukaj.xxxx.pl|utmccn=(referral)|utmcmd=referral|utmcct=/internet/0,0.html'
'SID=QSRiVn8AAAIAAA3qaCoAAAAJ|ff123ba06ae6de89a6453201465331d05276d153;
UID=QSRiVn8AAAIAAA3qaCoAAAAJ|ff123ba06ae6de89a6453201465331d05276d153;
__utma=144149162.2660401822504105500.1234181059.1234181059.1234181059.1;
__utmb=144149162.5.10.1234181059; __utmc=144149162;
__utmz=144149162.1234181059.1.1.utmcsr=szukaj.xxxx.pl|utmccn=(referral)|utmcmd=referral|utmcct=/internet/0,0.html'
I realise that the cookies themselves may not be compliant, either
because of bad JS or buggy clients, but CGI.pm manages to parse all of
the examples below, in the same way that browsers try to cope with dodgy
HTML. It'd be nice if libapreq were a bit more DWIM.
hope this info helps
thanks
Clint
