Jetty
  1. Jetty
  2. JETTY-154

Cookie parsing issue with Jetty 5

    Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.2, 6.1.0pre3
    • Component/s: HTTP
    • Labels:
      None
    • Number of attachments :
      0

      Description

      I am having an issue with Jetty parsing a cookie that is being sent to an application. This is the value of the cookie:

      %c2%a8%c3%acR%13%7b%e2%82%acX%c3%9a%c3%9b%3d%22%cb%9c%c3%ae3r%c3%b5%c3%8d%c5%bd'%c2%b8%e2%82%ac%1f%e2%84%a2P

      If you go through that mess, you will see there is a single quote ( ' ) in the string that is not encoded. This is causing Jetty to return the value of that cookie as that string plus the name and value of any cookies in the Cookie: header after this string. So, basically, the application does not see any cookies that show up after the single quote. I couldn't find anything in the RFC that forbids a single quote in the cookie value so, I was hoping someone here could tell me if this is an issue that should be fixed in Jetty or if this an issue with the application not encoding that properly.

        Activity

        Hide
        Greg Wilkins added a comment -

        I'll think about it some more

        Show
        Greg Wilkins added a comment - I'll think about it some more
        Hide
        Greg Wilkins added a comment -

        can you add your javascript as an attachment.... I think it is being miss quoted

        Show
        Greg Wilkins added a comment - can you add your javascript as an attachment.... I think it is being miss quoted
        Hide
        Greg Wilkins added a comment -

        Ah - it looks like browsers only pay attention to double quotes and not single quotes!
        So the solution may simple be to only dequote double quotes!

        Show
        Greg Wilkins added a comment - Ah - it looks like browsers only pay attention to double quotes and not single quotes! So the solution may simple be to only dequote double quotes!
        Hide
        Greg Wilkins added a comment -

        Tony,

        I have a fix in head of cvs for jetty 5.
        Can you test ASAP?

        Show
        Greg Wilkins added a comment - Tony, I have a fix in head of cvs for jetty 5. Can you test ASAP?
        Hide
        Greg Wilkins added a comment -

        Fixed in 5.1, 6.0 and 6.1
        single quotes are just ignored.

        Show
        Greg Wilkins added a comment - Fixed in 5.1, 6.0 and 6.1 single quotes are just ignored.

          People

          • Assignee:
            Greg Wilkins
            Reporter:
            Tony Thompson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: