49252 – Reading a cookie with an '=' in the value is truncated

Bug 49252 - Reading a cookie with an '=' in the value is truncated

Summary: Reading a cookie with an '=' in the value is truncated

Status:	RESOLVED DUPLICATE of bug 44679

Alias:	None

Product:	Tomcat 6
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	6.0.24
Hardware:	PC Windows XP

Importance:	P2 critical (vote)
Target Milestone:	default
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-05-05 09:56 UTC by Alex Objelean
Modified:	2010-05-05 11:14 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Objelean 2010-05-05 09:56:46 UTC

Simple JSP that reproduces the issue

If you set a cookie in a JSP that has an '=' character in the value, reading that
cookie in subsequent loads truncates at the apostrophe.

Reading the cookie fails even if the cookie was set client side or was
pre-existing.

I've attached a very simple testcase.jsp page

Comment 1 Mark Thomas 2010-05-05 10:01:12 UTC

Such a cookie is not specification compliant. Please read the archives or ask on the users list if you need further assistance.

Comment 2 Alex Objelean 2010-05-05 10:04:23 UTC

(In reply to comment #1)
> Such a cookie is not specification compliant. Please read the archives or ask
> on the users list if you need further assistance.

But this used to work on tomcat-6.0.16. The problem is that we encode a base64 value into a cookie and it does contain such characters. It is critical for our application.

Comment 3 Alex Objelean 2010-05-05 10:10:16 UTC

Not using Base64 character is not an option for us. Is there a work around for this problem?

Comment 4 Chuck Caldarale 2010-05-05 10:30:41 UTC

(In reply to comment #3)
> Not using Base64 character is not an option for us. Is there a work around for
> this problem?

To repeat what the man said:

"Please read the archives or ask on the users list if you need further assistance."

Bugzilla is not an appropriate forum for discussing application and configuration issues.

 - Chuck

Comment 5 Alex Objelean 2010-05-05 10:39:24 UTC

(In reply to comment #4)
> (In reply to comment #3)
> > Not using Base64 character is not an option for us. Is there a work around for
> > this problem?
> 
> To repeat what the man said:
> 
> "Please read the archives or ask on the users list if you need further
> assistance."
> 
> Bugzilla is not an appropriate forum for discussing application and
> configuration issues.
> 
>  - Chuck

Thank you Chuck. You are very kind and helpful :)

Comment 6 Konstantin Kolinko 2010-05-05 10:42:24 UTC

1. You should search first, before submitting an issue. See bug 44679
2. testcase.jsp is not attached
3. There is a configuration option to allow equal signs in a cookie value,
since 6.0.24, see
http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html

*** This bug has been marked as a duplicate of bug 44679 ***

Comment 7 Alex Objelean 2010-05-05 11:14:40 UTC

(In reply to comment #6)
> 1. You should search first, before submitting an issue. See bug 44679
> 2. testcase.jsp is not attached
> 3. There is a configuration option to allow equal signs in a cookie value,
> since 6.0.24, see
> http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html
> 
> *** This bug has been marked as a duplicate of bug 44679 ***

Thanks Konstantin!
The org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true solved my problem.