Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.1.12rc1
-
Fix Version/s: 7.0.0pre4, 6.1.12.rc2
-
Component/s: HTTP
-
Labels:None
-
Environment:HideLinux 2.6.25-gentoo-r6 #5 SMP PREEMPT Sat Aug 2 16:35:23 BST 2008 x86_64 Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz GenuineIntel GNU/Linux
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) 64-Bit Server VM (build 10.0-b23, mixed mode)ShowLinux 2.6.25-gentoo-r6 #5 SMP PREEMPT Sat Aug 2 16:35:23 BST 2008 x86_64 Intel(R) Core(TM)2 Duo CPU T9500 @ 2.60GHz GenuineIntel GNU/Linux java version "1.6.0_07" Java(TM) SE Runtime Environment (build 1.6.0_07-b06) Java HotSpot(TM) 64-Bit Server VM (build 10.0-b23, mixed mode)
-
Testcase included:yes
-
Number of attachments :
Description
Oh Hai,
We're seeing a problem with certain cookie values that are being sent from 3rd parties to our jetty servers. These cookies contain 'unusual' values (e.g. V1z%B%^rQrCCB) but do appear to be valid according to the spec. However jetty attempts to decode the cookie value and blows up with a NumberFormatException, which kills the users' session / prevents any further processing (and makes us sad):
java.lang.NumberFormatException: B%
at org.mortbay.util.TypeUtil.parseInt(TypeUtil.java:345)
at org.mortbay.util.URIUtil.decodePath(URIUtil.java:197)
at org.mortbay.jetty.Request.getCookies(Request.java:481)
Attached is a simple junit test case detailing the issue.
Interestingly the previous line in Request.java (line 480) shows the following:
// TODO remove this old style jetty cookie support (encoding)
Any help would be greatly appreciated,
Thanks & Regards,
Gus.
Interestingly enough we're seeing this with 6.1.12rc1 but we can't reproduce it on 6.1.4.