Re: [jetty-users] no cookies?

You have badly defined cookies.

Starting here ...
https://tools.ietf.org/html/rfc6265#section-4.2

The request "Cookie" header is defined to have the values ..

   cookie-header = "Cookie:" OWS cookie-string OWS
   cookie-string = cookie-pair *( ";" SP cookie-pair )

Next we look at
https://tools.ietf.org/html/rfc6265#section-4.1.1

which defines cookie-pair as

 cookie-pair       = cookie-name "=" cookie-value
 cookie-name       = token
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash
 token             = <token, defined in [RFC2616], Section 2.2>

Now we take a look at
https://tools.ietf.org/html/rfc2616#section-2.2

which defines token as

       token          = 1*<any CHAR except CTLs or separators>
       separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT

Which tells us that the cookie-name you are using with the ":" symbol is not allowed per spec.
The cookie-names "ducc:refreshmode", "ducc:agents", "ducc:jobsmax", "ducc:jobsusers" are all invalid.


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Tue, Jan 19, 2016 at 1:34 PM, Lou DeGenaro <lou.degenaro@xxxxxxxxx> wrote:
When I put a breakpoint @ line 254 in org.eclipse.jetty.server.AbstractHttpConnection.getRequestFields() the _fields value is:

[[Host=192.168.6.67:42133], [User-Agent=Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0], [Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8], [Accept-Language=en-US,en;q=0.5], [Accept-Encoding=gzip, deflate], [Referer=http://192.168.6.67:42133/jobs.jsp], [Cookie=ducc:refreshmode=automatic; ducc:agents=show; JSESSIONID=yimag13sezeb18azc3oaoppe3; ducc:jobsmax=16; ducc:jobsusers=], [Connection=keep-alive]]

Is there something wrong with the Cookie format which previously worked in Jetty 7 but does not seem to work in Jetty 8?

Lou.

On Sun, Jan 17, 2016 at 7:29 AM, Lou DeGenaro <lou.degenaro@xxxxxxxxx> wrote:
We are attempting to upgrade from 7.4.4 to 8.1.16 and find that although the browser shows cookies, on the server side HttpServletRequest getCookies() does not find them.  What's changed?

Lou.
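
The grammar check walked through in the reply above, as an added example that is not part of the original thread and is not Jetty's parser. It validates each cookie-pair against the quoted RFC 6265 and RFC 2616 rules, using the Cookie header from the debugger dump; the function and constant names are illustrative.

```python
import re

# Cookie header value copied from the debugger dump quoted in this thread.
CAPTURED = ("ducc:refreshmode=automatic; ducc:agents=show; "
            "JSESSIONID=yimag13sezeb18azc3oaoppe3; ducc:jobsmax=16; ducc:jobsusers=")

# RFC 2616 section 2.2 separators; a token may contain none of these.
SEPARATORS = set('()<>@,;:\\"/[]?={} \t')
# RFC 6265 section 4.1.1 cookie-octet ranges, bare or wrapped in DQUOTEs.
OCTETS = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"
COOKIE_VALUE = re.compile('(?:%s|"%s")' % (OCTETS, OCTETS))


def name_problems(name):
    """Return the distinct characters that keep `name` from being a token."""
    if not name:
        return ["<empty>"]
    bad = []
    for ch in name:
        # CHAR is US-ASCII; CTLs are 0-31 and 127 (DEL).
        illegal = ord(ch) < 32 or ord(ch) > 126 or ch in SEPARATORS
        if illegal and ch not in bad:
            bad.append(ch)
    return bad


def check_cookie_header(cookie_string):
    """Validate each cookie-pair; return (name, value, problems) tuples."""
    results = []
    # cookie-string = cookie-pair *( ";" SP cookie-pair )
    for pair in cookie_string.strip(" \t").split("; "):
        name, eq, value = pair.partition("=")
        problems = []
        if not eq:
            problems.append("missing '='")
        bad = name_problems(name)
        if bad:
            problems.append("cookie-name is not a token: %r" % bad)
        if not COOKIE_VALUE.fullmatch(value):
            problems.append("cookie-value has bytes outside cookie-octet")
        results.append((name, value, problems))
    return results


if __name__ == "__main__":
    for name, value, problems in check_cookie_header(CAPTURED):
        print(name, "->", "; ".join(problems) or "ok")
```

Only the cookie-names fail here: the empty value of "ducc:jobsusers" is legal, because cookie-value allows zero cookie-octets.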

