[jboss-jira] [JBoss JIRA] Commented: (JBAS-7372) Base 64 encoded cookie containing '=' is getting truncated

Darryl Miles (JIRA) jira-events at lists.jboss.org
Thu Oct 15 11:29:17 EDT 2009


    [ https://jira.jboss.org/jira/browse/JBAS-7372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12490050#action_12490050 ] 

Darryl Miles commented on JBAS-7372:
------------------------------------

https://issues.apache.org/bugzilla/show_bug.cgi?id=44871  "Cookie parsing issue" (RESOLVED DUPLICATE)
https://issues.apache.org/bugzilla/show_bug.cgi?id=44679  "Cookies are treated differently between 6.0.16 and 6.0.14"  (RESOLVED FIXED)

For a workaround, it should be possible to add back the correct number of "=", since all base64 does is encode 3 bytes (8-bit) into 4 characters (base64, 6 bits, represented in the base64 character set).  So there are between 0 and 3 "=" characters on the end of the data to make the total length of the base64 encoded string a multiple of 4.

So to reconfirm, can you try your application/tests with the latest version of TC6 to see if the recent changes have fixed the issue?  Can you confirm/report the exact version of TC6 you tested with, for clarity?  Then it may be an issue that can be resolved by upgrading TC6 inside JBAS to a newer version.

> Base 64 encoded cookie containing '=' is getting truncated
> ----------------------------------------------------------
>
>                 Key: JBAS-7372
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7372
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: JBossAS-5.1.0.GA
>         Environment: WinXP + JBoss 5.1.0 GA
> Windows 2003 IIS 6.0 used to create cookie
>            Reporter: Sangeetha Radhakrishnan
>
> Hi,
> My application running in JBoss 5.1.0 GA has to do authentication using a Base 64 encoded cookie which is created by another 3rd party application running on IIS. While reading the cookie from the request object, the '=' got truncated, as JBoss 5.1.0 GA considers it an invalid cookie character. I can't change the '=' to some other character like '_' before adding the cookie, because the cookie was created by a 3rd party application which is running on IIS. I have even tried setting STRICT_SERVLET_COMPLIANCE=false, but it is not switching the invalid cookie characters to valid cookie characters if the cookie is created by another application running on IIS.
> Steps to re-produce:
> 1. Write an application called 'dotNetApp1' to create a cookie called "AthuNCookie".
> 2. Deploy this application on IIS 6.0
> 3. Write a simple WebApplication called 'javaApp1' to read the "AthuNCookie" from the browser/request object.
> 4. Deploy this web application in JBoss 5.1.0 GA. 
> 5. Access "http://hostname/dotNetApp1" - this will create "AuthNCookie" in the browser.
> 6. In the same browser, change the URL to "http://hostname:8080/javaApp1" to read the "AuthNCookie"
> Could you please let me know whether a JBoss patch is available for this issue? Any work-around will also be fine.
> In case a patch or work-around is not available, let me know which JBoss version considers '=' a valid cookie character.
> Thank You!

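The re-padding workaround suggested in the comment above, sketched as an added example (not code from the issue, JBoss or Tomcat). It assumes Java 8+ `java.util.Base64` and the standard base64 alphabet; the class name, method names and sample values are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookiePadding {

    /** Restores the trailing '=' that a cookie parser dropped from a base64 value. */
    static String repad(String value) {
        // Work on the unpadded body so fully or partly padded values are handled too.
        String body = value.replaceAll("=+$", "");
        if (!body.matches("[A-Za-z0-9+/]*")) {
            throw new IllegalArgumentException("not standard base64");
        }
        switch (body.length() % 4) {
            case 0: return body;
            case 2: return body + "==";
            case 3: return body + "=";
            default:
                // One leftover character holds only 6 bits, less than a byte:
                // no valid encoding has this length, so data was lost.
                throw new IllegalArgumentException("base64 body length is invalid");
        }
    }

    static byte[] decodeCookie(String value) {
        return Base64.getDecoder().decode(repad(value));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String[] originals = {"user", "user1", "user12"};
        for (String original : originals) {
            String sent = Base64.getEncoder()
                    .encodeToString(original.getBytes(StandardCharsets.UTF_8));
            String received = sent.replaceAll("=+$", ""); // simulates the truncation
            String decoded = new String(decodeCookie(received), StandardCharsets.UTF_8);
            System.out.println(sent + " -> " + received + " -> " + decoded);
            if (!decoded.equals(original)) throw new AssertionError(original);
        }
        try {
            decodeCookie("dXNlc"); // 5 characters: cannot be valid base64
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Re-padding only restores the encoding; a cookie used for authentication still needs its own integrity check after decoding.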