Thanks for that. I did do a search but didn’t manage to find that ticket, better polish up
my search skills :-)
brian…
On 3 Aug 2018, at 8:14 PM, Masafumi Miura <mmiura@redhat.com> wrote:
Hi,
This was already reported at
https://issues.jboss.org/browse/UNDERTOW-1163
If you upgrade to WildFly 12 or later, you can allow a comma as cookie separator by
setting the system property "io.undertow.legacy.cookie.COMMA_IS_SEPARATOR" to
true:
./bin/standalone.sh ... -Dio.undertow.legacy.cookie.COMMA_IS_SEPARATOR=true
Thanks,
--
Masafumi Miura / 三浦 雅史
On Fri, Aug 3, 2018 at 6:17 PM, Brian R Wallis <Brian.Wallis@infomedix.com.au> wrote:
Are commas allowed as a separator of multiple cookies in a cookie
header?
I am running an application in wildfly-11.0.0.Final and another application is making a
request with two cookies, JSESSIONID and JSESSIONIDSSO. It is sending these as
JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV,
JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost
which then seems to be parsed into a single cookie
JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID
which of course does not work for the authentication so the request fails. This seems to
be a failure in parsing the original cookie string. There is a bit of confusion in this
area in the RFCs as the earlier ones allowed comma as a separator but the most recent,
RFC-6265, does not. Undertow should probably allow a comma separator for backward
compatibility with older implementations.
Thanks
brian wallis…
The full dump from the undertow request dumper is
18:33:29,249 INFO [io.undertow.request.dump] (Unknown)
----------------------------REQUEST---------------------------
URI=/infoapi/user/profile
characterEncoding=null
contentLength=-1
contentType=[none]
cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, JSESSIONID
header=Connection=Keep-Alive
header=Orbeon-Token=5b4085e06896f374e8dec7a22f9e411a2b0d2105
header=Accept-Encoding=gzip,deflate
header=Content-Type=none
header=Cookie=JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV,
JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost
header=Cookie2=$Version=1
header=Host=localhost
locale=[]
method=GET
protocol=HTTP/1.1
queryString=
remoteAddr=/127.0.0.1:55984
remoteHost=localhost
scheme=http
host=localhost
serverPort=80
--------------------------RESPONSE--------------------------
contentLength=71
contentType=text/html;charset=UTF-8
cookie=JSESSIONIDSSO=null; domain=null; path=/
header=Expires=0
header=Cache-Control=no-cache, no-store, must-revalidate
header=X-Powered-By=Undertow/1
header=Set-Cookie=JSESSIONIDSSO=""; path=/; Max-Age=0; Expires=Thu,
01-Jan-1970 00:00:00 GMT
header=Server=WildFly/11
header=Pragma=no-cache
header=Date=Fri, 03 Aug 2018 08:33:29 GMT
header=WWW-Authenticate=Basic realm="REST API authentication
module"
header=Content-Type=text/html;charset=UTF-8
header=Content-Length=71
status=401
_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
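An added illustration of the parsing difference discussed in this thread; it is not code from the thread or from Undertow. It runs a simplified Cookie header splitter over the header from the request dump, with a hypothetical `comma_is_separator` parameter standing in for the system property, and adds a hypothetical check that flags cookie values which appear to have absorbed a second cookie.

```python
import re

# Cookie header taken from the request dump in this thread.
HEADER = ("JSESSIONIDSSO=jIEqQ-kTedwXrvqm9CBACBg8QlCXzJKILwCftnaV, "
          "JSESSIONID=lDA5h47Pk_jrnIwAshNsQ7Ot269XyVSTR1mwYNEL.localhost")

def parse_cookie_header(header, comma_is_separator=False):
    """Split a Cookie header into {name: value}.

    Simplified sketch, not Undertow's parser: ';' always separates pairs,
    ',' only when comma_is_separator is set (assumed parameter name).
    Separators inside double quotes are kept as part of the value.
    """
    separators = ";," if comma_is_separator else ";"
    pairs, current, in_quotes = [], [], False
    for ch in header:
        if ch == '"':
            in_quotes = not in_quotes
        if ch in separators and not in_quotes:
            pairs.append("".join(current))
            current = []
        else:
            current.append(ch)
    pairs.append("".join(current))
    cookies = {}
    for pair in pairs:
        name, eq, value = pair.strip().partition("=")
        name, value = name.strip(), value.strip()
        if not eq or not name:
            continue  # skip empty segments and tokens without '='
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop surrounding quotes
        cookies.setdefault(name, value)  # first occurrence wins
    return cookies

def swallowed_cookie_names(cookies):
    """Names that look like cookies absorbed into another cookie's value."""
    found = []
    for value in cookies.values():
        found += re.findall(r",\s*([^=;,\s]+)=", value)
    return found

if __name__ == "__main__":
    for legacy in (False, True):
        parsed = parse_cookie_header(HEADER, comma_is_separator=legacy)
        # How the mis-parsed value looks varies by implementation; what matters
        # is whether JSESSIONID is visible to the server as its own cookie.
        print(legacy, sorted(parsed), swallowed_cookie_names(parsed))
```
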