Multiple word phrases (like Online Query) saved in a cookie are quoted when retrieved. See example below ... Enter: Online Query Click Submit. Submit saves the value in a cookie to be later used in search. Return to search page which will fetch cookie value and place in appropriate input box. The value is now displayed as: "Online Query" Granted that this is the integrated version of Tomcat in Netbeans but I wanted to report this here as well as with Netbeans. Using JSDK 1.4.2_08 Thanks
I don't think it's a Tomcat bug. You can look and test the simple cookie example servlet that ships with Tomcat to see for yourself.
Hello, I want to re-open this case because I'm running into the same problem. I'm porting a large app to tomcat and can't go any further until this is fixed. I've written a separate app that contains a jsp file with a form and a servlet. That's it. All the servlet does is set the cookie and include the jsp. If I use a cookie value without spaces then then there are no quotes. If I use a value with spaces than quotes are automatically put around the value. I also get the same results with commas. I have not tried any other characters. I would like to help get this resolved, so please feel free to contact me about this. Thank you, Steve.
Please attach the minimal WAR you mention with the one servlet and JSP to this issue so that we can reproduce your results. Please confirm your report is true for an out-of-the-box Tomcat 5.5.12 installation in stand-alone mode, i.e. without NetBeans or another IDE. Please confirm that the cookie example servlet that ships with Tomcat does NOT show quotes on your screen. It doesn't for me, which is why this issue was initially closed, but perhaps it strips out the quotes along the way. Then, if you really want to help, a patch would be nice ;)
Created attachment 17118 [details] web application After submitting the form. check your cookie values. It is a session cookie so it will disappear after you close your browser.
Hello, I've downloaded 5.5.12 and have tested the app and it acts the same way as the other version. Can you direct me to the package(s) that handle the tomcat cookie parsing? I'm going to need a little direction since I haven't done any core tomcat development. Thank you.
(In reply to comment #5) > Hello, > I've downloaded 5.5.12 and have tested the app and it acts the same way as the > other version. > Can you direct me to the package(s) that handle the tomcat cookie parsing? > I'm going to need a little direction since I haven't done any core tomcat > development. > Thank you. It's in o.a.t.u.http.ServerCookie. You'll find it under connectors/util/java in the source distro.
Please have a look at the following specs http://www.faqs.org/rfcs/rfc2068.html , If the cookies contains the special characters they should be quoted , that is what have been implemented . Regards Vicky
Vicky, Could you be so kind as to point out which section? Thanks
Hello, Do you believe that if I set a cookie to a certain value in an application, then when I go to read the cookie, I should be given the same value that I set or a different value? I believe that if I set the cookie value to a,b,c,d,e then I should get a,b,c,d,e returned back to me when I read the cookie. In my applications, I should not have to take into considderation that the cookie may have been escaped. The application server should take care of that for me. Do you agree?
Sorry, I'm going to read into this rfc a little and continue to research it. Thank you.
Hello, I've just looked at the rfc you've pointed me to and I think you are referring to section 2.2. That is the section where they talk about basic rule about constructing a http header. From my understanding of the rfc, if a http header value contains special characters then the http header value needs to be quoted to escape it. I set the cookie and monitored the output of the http header. This is what I got. Set-Cookie: ServletCookieVar="asfasf asdf asf asdf" By the looks of it, You're not quoting the http header value. You're quoting the cookie value. If you were to quote the header value, then the header would look like this. Notice the position of the quotes. Set-Cookie: "ServletCookieVar=asfasf asdf asf asdf" Am I correct to assume that this is what the header should look like? Does this seem correct or am I reading the wrong part of the rfc? regards, Steve.
I seem to be saying sorry al lot. I guess I shouldn't say yours. You're probably not the person that wrote that code, so please do not think I'm attacking you. I'm just trying to justify what's happening and fix the bug ASAP. Also, I'm not attacking the person who did write the code. It's all in how the person interprets the rfc. Thank you, Steve.
This is fixed now in SVN trunk, and hopefully will even make the cutoff for inclusion in 5.5.14.
William, Thank you very much for taking care of it. I was looking at the class you pointed me to but have not had enough time to narrow down exactly which methods I needed to modify. Thank you, Steve.
Hi Steave, As pointed by Willaim that the fix will come with 5.5.14 I think you will have to wait till that. I can understand this to be a critical requirement for you so I think we can ask William for the changes for the fix so that you can apply it , but this will be a bit of risk . Now looking at the code I can understand that 1) Some changes to me made at appendCookieValue method , precisely at buf.append( name ); buf.append("="); maybeQuote(version, buf, value); The appendCookieValue gets called from the addCookie of the org.apache.catalina.connector.Response , you make a call to this when you are adding a cookie . 2) maybeQuote is having a version parameter which is not used at all , can this be removed too ? This is not relevant to this bug . I have done just a initial investigation. BTW are the changes done to this bug or it is yet to be done , incase of later then I think we can help Steave and the same changes can be committed to CVS for Tomcat 5.5.14 Regards Vicky