RE: Cookie parsing issue... from Laird, Brian on 2007-03-16 (www-jigsaw@w3.org from March to April 2007)

From: Laird, Brian <BLaird@havigs.com>
Date: Fri, 16 Mar 2007 07:54:22 -0500
To: "Yves Lafon" <ylafon@w3.org>
Cc: <www-jigsaw@w3.org>
Message-ID: <018501c767ca$341b16d6$2d1011ac@Perseco.com>

Thanks, Yves!  I will try that today to see if that fixes the problem.

Brian

-----Original Message-----
From: "Yves Lafon" <ylafon@w3.org>
To: "Laird, Brian" <BLaird@havigs.com>
Cc: "www-jigsaw@w3.org" <www-jigsaw@w3.org>
Sent: 3/16/2007 7:51 AM
Subject: Re: Cookie parsing issue...

On Fri, 16 Mar 2007, Yves Lafon wrote:

>
> On Fri, 16 Mar 2007, Laird, Brian wrote:
>
>> I hope things are well; it has been a while since we have talked.  We
>> came across a problem I am hoping you (or someone who knows the jigsaw
>> code well) can help us with.  In a majority of our processing we are
>> using some randomly generated cookie values from a third party as kind
>> of a session identifier.  Well a few days ago the value being generated
>> started to look like this (without the double quotes):
>> "0_0RbEAwflUxOTIxNjgyMDMzMw==".  We also store this value in memory and
>> compare it to the cookie when the user comes back to our site.

Ok, I located the issue, the parsing is done in 
org.w3c.www.http.HttpCookieList, in parse(), the parser has '=' as a 
separator, hence the issue you see.

you can try to change
     c.setValue(it.toString(raw));

by

StringBuffer sb = new StringBuffer(it.toString(raw));
while (HttpParser.nextItem(raw, it) < 0 ) {
     sb.append('=');
     sb.append(it.toString(raw);
}
c.setValue(sb.toString());

and see if that fixes the issue.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

************************************************************************
This e-mail and any accompanying documents or files contain information that is the 
property of HAVI Global Solutions, that is intended solely for those to whom this e-mail is addressed 
(i.e., those identified in the "To" and "Cc" boxes), and that is confidential, proprietary, 
and/or privileged.  If you are not an intended recipient of this e-mail, you are hereby 
notified that any viewing, use, disclosure, forwarding, copying, or distribution of any of 
this information is strictly prohibited and may be subject to legal sanctions.  If you have 
received this e-mail in error, please notify the sender immediately of any unintended 
recipients, and delete the e-mail, all attachments, and all copies of both from your system.

While we have taken reasonable precautions to ensure that any attachments to this e-mail 
have been swept for viruses, we cannot accept liability for any damage sustained as a 
result of software viruses.
************************************************************************

Received on Friday, 16 March 2007 12:54:18 UTC