Bug 48322 - Reading a cookie with an apostrophe in the value is truncated in Tomcat 6.0.20 and 6.0.18
Summary: Reading a cookie with an apostrophe in the value is truncated in Tomcat 6.0.2...
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.5.28
Hardware: PC Linux
: P2 regression (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2009-12-01 12:02 UTC by Robert Schultz
Modified: 2010-03-04 20:48 UTC (History)
0 users

Simple JSP that reproduces the issue (426 bytes, application/octet-stream)
2009-12-01 12:02 UTC, Robert Schultz

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Schultz 2009-12-01 12:02:28 UTC
Created attachment 24654 [details]
Simple JSP that reproduces the issue

If you set a cookie in a JSP that has an apostrophe in the value, reading that cookie in subsequent loads truncates at the apostrophe.

Reading the cookie fails even if the cookie was set client side or was pre-existing.

I've attached a very simple testcase.jsp page

Visit the page more than once.

What you see in 6.0.14:
Server side cookie value [test'ing] 

What you see in 6.0.18 and 6.0.20:
Server side cookie value [test]

In all three tested tomcat versions, if you view your cookies in your browser, you'll correctly see it has been set to "test'ing"

Likewise if you inspect the HTTP headers being returned you correctly see:
Set-Cookie: testcookie=test'ing

Something changed after 6.0.14 that causes cookies with apostrophes when read server side to be truncated.
Comment 1 Mark Thomas 2009-12-01 12:12:55 UTC
This has already been fixed in trunk and proposed for 6.0.x and 5.5.x
Comment 2 Mark Thomas 2009-12-15 10:53:12 UTC
This has been fixed in 6.0.x and will be included in 6.0.21 onwards.
Comment 3 Robert Schultz 2010-02-05 06:32:36 UTC
Using Tomcat 6.0.24 the testcase I attached passes.

Comment 4 Konstantin Kolinko 2010-03-04 20:48:57 UTC
Fixed in 5.5, will be in 5.5.29 onwards.