An application I've written began having a problem about a week ago,
but only when used with Internet Explorer 6 or 7. Prior to about a
week ago everything was working fine and my code has not been
redeployed in weeks.
When users login to my app I write some encrypted data to a cookie.
Throughout the application data stored within the cookie is read,
decrypted, and used. In IE this cookie never seems to get written.
Firefox 1.5 and 2.0 works fine with the app.
I have added a certificate to my HTTPS listener and have changed the
port on the HTTP listener about the same time the code broke.
As a test I wrote two simple JSP pages as follows:
write.jsp:
<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<title>Cookie write test</title>
</head>
<body>
<%
Cookie test = new Cookie("test","abc");
test.setMaxAge(60*60*24);
response.addCookie(test);
Cookie test2 = new Cookie("test2","def");
test2.setMaxAge(60*60*24);
response.addCookie(test2);
Cookie test3 = new Cookie("test3","ghi");
test3.setMaxAge(60*60*24);
response.addCookie(test3);
%>
Test cookies written.
</body>
</html>
read.jsp:
<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<title>Read cookie test</title>
</head>
<body>
<%
Cookie[] allCookies = request.getCookies();
if (allCookies==null)
{
out.println("No cookies present.");
}
else
{
for (int cnum=0; cnum<allCookies.length; cnum++)
{
out.println("Cookie #" + cnum + "<br>");
out.println("Name: " + allCookies[cnum].getName() +
"<br>");
out.println("Value: " + allCookies[cnum].getValue()
+ "<br><hr><br>");
}
}
%>
</body>
</html>
I deployed an app containing these two pages and proceeded to test as
follows:
1) Clear all cookies from browser, shutdown and restart browser.
2) Access read.jsp using HTTP.
3) Access write.jsp using HTTP.
4) Access read.jsp using HTTP.
5) Clear all cookies from browser, shutdown and restart browser.
6) Access read.jsp using HTTPS.
7) Access write.jsp using HTTPS.
8) Access read.jsp using HTTPS.
Using Firefox 1.5 or 2.0 I obtain output as expected. Read initially
reports no cookies, write produces no errors, and the second
accessing of read displays data from my three cookies and
JSESSIONID. This process executes fine regardless of my using HTTP
or HTTPS.
IE 7 appears to produce weird results. The initial read reports no
cookies, the write produces no errors, but the second read access
still displays no cookies. This occurs with both HTTP and HTTPS.
What has me REALLY confused is that I can access the cookies using
the protocol they've haven't been written using. For example, if I
access write.jsp using HTTP, read.jsp using HTTPS will show my cookies.
I'm completely stumped. Does anyone have any suggestions?
Thanks,
Bob
