W3C home > Mailing lists > Public > www-jigsaw@w3.org > March to April 2007

Re: Cookie parsing issue...

From: Yves Lafon <ylafon@w3.org>
Date: Fri, 16 Mar 2007 08:49:37 -0400 (EDT)
To: "Laird, Brian" <BLaird@havigs.com>
Cc: www-jigsaw@w3.org
Message-ID: <Pine.LNX.4.64.0703160841100.22489@ubzre.j3.bet>

On Fri, 16 Mar 2007, Yves Lafon wrote:

>
> On Fri, 16 Mar 2007, Laird, Brian wrote:
>
>> I hope things are well; it has been a while since we have talked.  We
>> came across a problem I am hoping you (or someone who knows the jigsaw
>> code well) can help us with.  In a majority of our processing we are
>> using some randomly generated cookie values from a third party as kind
>> of a session identifier.  Well a few days ago the value being generated
>> started to look like this (without the double quotes):
>> "0_0RbEAwflUxOTIxNjgyMDMzMw==".  We also store this value in memory and
>> compare it to the cookie when the user comes back to our site.

Ok, I located the issue, the parsing is done in 
org.w3c.www.http.HttpCookieList, in parse(), the parser has '=' as a 
separator, hence the issue you see.

you can try to change
     c.setValue(it.toString(raw));

by

StringBuffer sb = new StringBuffer(it.toString(raw));
while (HttpParser.nextItem(raw, it) < 0 ) {
     sb.append('=');
     sb.append(it.toString(raw);
}
c.setValue(sb.toString());

and see if that fixes the issue.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves
Received on Friday, 16 March 2007 12:49:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:38 GMT