Bug 45272 - Version 1 cookie not persisted in IE
Summary: Version 1 cookie not persisted in IE
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.5.26
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-24 10:56 UTC by Dave
Modified: 2008-06-30 13:05 UTC (History)
0 users



Attachments
Patch for IE cookie behavior (3.24 KB, patch)
2008-06-26 11:26 UTC, Filip Hanik
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dave 2008-06-24 10:56:24 UTC
A cookie with value "MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D"
and version 1 is persisted correctly and returned using tomcat 5.5.26 and Firefox but not persisted using tomcat 5.5.26 and IE.

This issue is not present in 5.5.25.
Comment 1 Filip Hanik 2008-06-25 09:03:23 UTC
Here is my JSP

<%@ page import="javax.servlet.http.*" %>
<%
Cookie[] myCookies = request.getCookies();

  for(int n=0; myCookies!=null && n < myCookies.length; n++)
  {
    out.print(myCookies[n].getName() + " : ");
    out.print(myCookies[n].getValue() + "<BR>");
  }

 Cookie c = new Cookie("TestCookie","MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D");
 c.setVersion(1);
 response.addCookie(c);
%>

and here is the IE output

JSESSIONID : 335EF2DF68ED0A12A148AB2A63CCC528
TestCookie : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
Comment 2 Dave 2008-06-25 09:32:43 UTC
Here's a reproducible test case, with a path of "/" and version 1 the cookie is not persisted in IE, with the same path and no version the cookie is persisted.  Both cookies are persisted in FireFox

<%@ page import="javax.servlet.http.*" %>
<%
Cookie[] myCookies = request.getCookies();

  for(int n=0; myCookies!=null && n < myCookies.length; n++)
  {
    out.print(myCookies[n].getName() + " : ");
    out.print(myCookies[n].getValue() + "<BR>");
  }

 Cookie version0Cookie = new Cookie(
		 "TestCookiev0" + (new java.util.Date()).getTime(),
		 "MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D");
 version0Cookie.setPath("/");
 // version2Cookie.setVersion(1);
 response.addCookie(version0Cookie);

 Cookie version1Cookie = new Cookie(
		 "TestCookiev1" + (new java.util.Date()).getTime(),
		 "MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D");
 version1Cookie.setPath("/");
 version1Cookie.setVersion(1);
 response.addCookie(version1Cookie);
%>
Comment 3 Dave 2008-06-25 09:37:50 UTC
IE output from tomcat 5.5.25
JSESSIONID : C286C4880C485442FB839DA4A8611A9A
TestCookiev01214411760128 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
TestCookiev11214411760129 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
TestCookiev01214411761646 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
TestCookiev11214411761647 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D



IE Output from tomcat 5.5.26
JSESSIONID : E7921B0F67630CC435B7E970D7D008D0
TestCookiev01214411874807 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
TestCookiev01214411876520 : MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D
Comment 4 Filip Hanik 2008-06-25 13:39:15 UTC
I see what is happening, IE is probably rejecting the quoted path value

Set-Cookie: TestCookiev01214425641703=MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D; Path=/
Set-Cookie: TestCookiev11214425641703=MIGCBgkrBgEEAYI3WAOgdTBzBgorBgEEAYI3WAMBoGUwYwIDAgABAgJmAwICAMAECN7UUhW1gKdu%0ABBBgywr0Nm%2FxNVdoCHCcNMB2BDiF%2FIwn6i47%2B1H0fKHpkJeDVFhEvyYKke1zTGupImD7r2JOcdo%2F%0A6%2FK85sELQu%2BbOW%2BH9lhDfwdxHA%3D%3D; Version=1; Path="/"


I will take a look at it

best
Filip
Comment 5 Filip Hanik 2008-06-25 13:54:01 UTC
temporary work around is to leave out the 
setPath("/");

it seems to be IE mishandling a quoted path value, which is supported by the spec, I will let you know when I dug deeper into the problem

Filip
Comment 6 Filip Hanik 2008-06-25 14:15:14 UTC
One potential fix is to treat the path value for quoting as v0 

Index: java/org/apache/tomcat/util/http/ServerCookie.java
===================================================================
--- java/org/apache/tomcat/util/http/ServerCookie.java  (revision 671643)
+++ java/org/apache/tomcat/util/http/ServerCookie.java  (working copy)
@@ -299,7 +299,7 @@
         // Path=path
         if (path!=null) {
             buf.append ("; Path=");
-            maybeQuote2(version, buf, path);
+            maybeQuote2(0, buf, path);
         }

         // Secure

and that will only quote the path if it contains :; or a space

however, this again, opens up the wormhole of 
setPath("/=somepath==");

and would break, potentially, the javax.servlet.http.Cookie.setPath should do a check

will come back
Comment 7 Filip Hanik 2008-06-26 11:26:26 UTC
Created attachment 22180 [details]
Patch for IE cookie behavior

Patch checked into trunk, proposed for backport to 6.0
Comment 8 Filip Hanik 2008-06-30 13:05:04 UTC
Fixed in 6.0.x
will be available in 6.0.17 onward