| Summary: | Reading a cookie with an apostrophe in the value is truncated in Tomcat 6.0.20 and 6.0.18 | ||
|---|---|---|---|
| Product: | Tomcat 5 | Reporter: | Robert Schultz <robert> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | regression | ||
| Priority: | P2 | ||
| Version: | 5.5.28 | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Attachments: | Simple JSP that reproduces the issue | ||
This has already been fixed in trunk and proposed for 6.0.x and 5.5.x This has been fixed in 6.0.x and will be included in 6.0.21 onwards. Using Tomcat 6.0.24 the testcase I attached passes. Fixed. Fixed in 5.5, will be in 5.5.29 onwards. |
Created attachment 24654 [details] Simple JSP that reproduces the issue If you set a cookie in a JSP that has an apostrophe in the value, reading that cookie in subsequent loads truncates at the apostrophe. Reading the cookie fails even if the cookie was set client side or was pre-existing. I've attached a very simple testcase.jsp page Visit the page more than once. What you see in 6.0.14: Server side cookie value [test'ing] What you see in 6.0.18 and 6.0.20: Server side cookie value [test] In all three tested tomcat versions, if you view your cookies in your browser, you'll correctly see it has been set to "test'ing" Likewise if you inspect the HTTP headers being returned you correctly see: Set-Cookie: testcookie=test'ing Something changed after 6.0.14 that causes cookies with apostrophes when read server side to be truncated.