Wicket
  1. Wicket
  2. WICKET-1834

Invalid Cookie Names for persistence used according to RFC (doesn't work in tomcat 6.x)

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.4-M3
    • Fix Version/s: 1.3.5, 1.4-RC1
    • Component/s: wicket
    • Labels:
      None

      Description

      Wicket uses ":" to build up the cookie name out of different components (e.g."signInPanel:signInForm:username"). This violates the cookie spec (RFC 2965 and RFC 2616). According to this spec a cookie must be an av-pair

      av-pairs = av-pair *(";" av-pair)
      av-pair = attr ["=" value] ; optional value
      attr = token
      value = token | quoted-string

      and token is:

      token = 1*<any CHAR except CTLs or separators>
      separators = "(" | ")" | "<" | ">" | "@"

      "," ";" ":" "\" <">
      "/" "[" | "]" "?" "="
      " {" | "}

      "

      SP HT

      Note that the cookie name MUST be a token and a token MUST NOT contain ":"

      That's why tomcat 6.x delivers (correctly with best guess) "signInPanel" as cookie name for the above example.

        Activity

        Andreas Sahlbach created issue -
        Igor Vaynberg made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Igor Vaynberg [ ivaynberg ]
        Resolution Fixed [ 1 ]
        Fix Version/s 1.4-M4 [ 12313295 ]
        Fix Version/s 1.3.5 [ 12313175 ]
        Hide
        Martijn Dashorst added a comment -

        1.3.x contains JDK 1.5 or 1.6 code, needs fixing for 1.4 sdk (and the unit test didn't run!)

        Show
        Martijn Dashorst added a comment - 1.3.x contains JDK 1.5 or 1.6 code, needs fixing for 1.4 sdk (and the unit test didn't run!)
        Martijn Dashorst made changes -
        Resolution Fixed [ 1 ]
        Assignee Igor Vaynberg [ ivaynberg ] Martijn Dashorst [ dashorst ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        Hide
        Martijn Dashorst added a comment -

        Fixed compilation error and the unit test in 1.3.x

        Show
        Martijn Dashorst added a comment - Fixed compilation error and the unit test in 1.3.x
        Martijn Dashorst made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Martijn Dashorst
            Reporter:
            Andreas Sahlbach
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development