Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Major
-
Resolution: Not A Bug
-
Affects Version/s: 6.1.21
-
Fix Version/s: None
-
Component/s: Servlet
-
Labels:None
-
Environment:HideLinux 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:32:05 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
java version "1.6.0_11"
Java(TM) SE Runtime Environment (build 1.6.0_11-b03)
BEA JRockit(R) (build R27.6.3-40_o-112056-1.6.0_11-20090318-2103-linux-ia32, compiled mode)
ShowLinux 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:32:05 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux java version "1.6.0_11" Java(TM) SE Runtime Environment (build 1.6.0_11-b03) BEA JRockit(R) (build R27.6.3-40_o-112056-1.6.0_11-20090318-2103-linux-ia32, compiled mode)
-
Number of attachments :
Description
I upgraded from jetty-1.6.19 to jetty-1.6.21 and started seeing tons of warnings in the console log like:
2009-10-14 11:26:57.998::WARN: java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 14:43:11 UTC" is a reserved token
2009-10-14 11:26:57.998::WARN: java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 14:53:18 UTC" is a reserved token
2009-10-14 11:26:58.081::WARN: java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 14:23:54 GMT" is a reserved token
2009-10-14 11:26:58.111::WARN: java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 15:02:13 GMT" is a reserved token
I looked at the code changes for JETTY-1055 and see the logging change but also a lot of changes surrounding cookie parsing. So not sure if this issue was always there for me and it just wasn't being logged or if it is an issue with the fixes for JETTY-1055. Seems like a potential parsing error, where in some case the expires token is being misused as the name.
Here's some output from -DDEBUG:
2009-10-14 10:39:09.005::WARN: java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 14:21:29 GMT" is a reserved token
2009-10-14 10:39:09.005::DEBUG: EXCEPTION
java.lang.IllegalArgumentException: Cookie name "15 Oct 2009 14:21:29 GMT" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:150)
at org.mortbay.jetty.Request.getCookies(Request.java:601)
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:226)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:136)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:322)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:536)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:930)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:747)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
2009-10-14 10:39:09.005::DEBUG: Got Session ID h2qs4haphn99 from cookie
I'd be happy to deploy a patch that logs more information if that would be helpful. Tried building Jetty on my own to implement something like that but having issues with that.
Marc,
This looks like the cookie has a bad value. I don't believe that the client should be sending the expires token to the server - it is the server side that generates that information to the client in the Set-Cookie header.
It could be that when we tightened up the cookie parsing for the last release that it has revealed this problem in your app.
But, it would be helpful if you could post the entire value of the cookie as sent from the client to the server and we'll take a look to make sure there's nothing funny in our parsing.
thanks
Jan