Pid,
I'm not using B as the cookie value. A & B go to encode and finally you
have *one *value(C). this value
is sent to addCookie.
C is somthing like:
aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0
On Mon, Dec 7, 2009 at 12:16 PM, Pid <p...@pidster.com> wrote:
> On 06/12/2009 21:51, itay sahar wrote:
>
>> Hi Andre,
>>
>> please see below input and output of:
>> protected String encodeToken(String username, String value)
>> {
>> StringBuilder sb = new StringBuilder();
>> sb.append(username);
>> sb.append(":");
>> sb.append(value);
>> return Base64.encodeBytes(sb.toString().getBytes());
>> }
>>
>> Input is:
>>
>> username= itay.sa...@gmial.com
>> value= 6de5ca4f:1254c461110:-7feb:9135486247122677484
>>
>> Output is (this is what actually addCookie get as parameter):
>>
>> 6de5ca4f:1254c461110:-7feb:9135486247122677484
>>
>> Can you suggest solution ?
>>
>
> Yep.
>
> You are claiming that you are supplying A & B to the encodeToken function,
> but then you are using B as the cookie value.
>
> Try using the value returned from the encodeToken function instead.
> Hint, if it contains a ":" character, it's not Base64 encoded.
>
>
>
> p
>
>
> On Sun, Dec 6, 2009 at 11:28 PM, itay sahar<itay.sa...@gmail.com> wrote:
>>
>> Hi Andre,
>>>
>>> please see below input and output of:
>>> protected String encodeToken(String username, String value)
>>> {
>>> StringBuilder sb = new StringBuilder();
>>> sb.append(username);
>>> sb.append(":");
>>> sb.append(value);
>>> return Base64.encodeBytes(sb.toString().getBytes());
>>> }
>>>
>>> Input is:
>>>
>>> username= itay.sa...@gmial.com
>>>
>>> value= 6de5ca4f:1254c461110:-7feb:9135486247122677484
>>>
>>>
>>> Output is:
>>>
>>>
>>> aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0
>>>
>>>
>>>
>>> Can you suggest solution ?
>>>
>>> On Sat, Dec 5, 2009 at 6:20 PM, André Warnier<a...@ice-sa.com> wrote:
>>>
>>> Mark Thomas wrote:
>>>>
>>>> itay sahar wrote:
>>>>>
>>>>> Caused by: java.lang.IllegalArgumentException: Control character in
>>>>>> cookie
>>>>>> value, consider BASE64 encoding your value
>>>>>> at
>>>>>>
>>>>>>
>>>>>> org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396)
>>>>>>
>>>>>>
>>>>> To cause this, there must be a character in the value with an ASCII
>>>>> code
>>>>> of less than 0x20 or greater or equal to 0x7f and is not 0x09.
>>>>>
>>>>> You need to fix that first.
>>>>>
>>>>> Then you'll need to worry about Base64 using '=' in cookie values. The
>>>>> value needs to be quoted for this to work. Tomcat will do this
>>>>> automatically if necessary.
>>>>>
>>>>>
>>>>> Mark above is talking about the output value of the Base64 encoder
>>>> which
>>>> you are using, and which you then feed to the response.addCookie(cookie)
>>>> method.
>>>>
>>>> It is not clear (to me) where the used Base64.encodeBytes() method comes
>>>> from. But wherever it comes from, it should encode any input series of
>>>> bytes according to
>>>> http://tools.ietf.org/html/rfc3548#section-3
>>>> which cannot produce "control characters".
>>>> Except that some Base64 encoders, in some cases, will "wrap" the output
>>>> string at 76 bytes, by inserting a CR/LF pair, which are both "control
>>>> characters". (Note that the output string of Base64 is longer than the
>>>> input string, since it encodes 3 consecutive input bytes into 4 output
>>>> bytes.)
>>>> My guess is that this is what happens here, and that could trigger the
>>>> exception above.
>>>> Maybe this Base64.encodeBytes() method has an optional argument which
>>>> would tell it to not wrap the output value ?
>>>>
>>>> Note also that with the code you were showing, the control character(s)
>>>> could presumably be also in "cookiePath".
>>>>
>>>> Why do you not log the cookie value, just before you call
>>>> setCookieValueIfEnabled(String value) ?
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>>
>>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
