CookieDecoder issues with Google Analytics
Trustin Lee (이희승)
trustin at gmail.com
Thu Nov 19 04:09:01 EST 2009
The cookie violated the RFC because:
1) it does not have $Version attribute (see RFC 2109)
2) comma (,) is prohibited in a cookie value unless it's surrounded by
double quotes (") (See the definition of 'token' in RFC 2068. value is
either a token or a quoted string, and token cannot have comma.)
I concur with you that we can't argue with Google anyway, so let me
think of a good idea to make CookieDecoder more robust.
Thanks!
— Trustin Lee, http://gleamynode.net/
On Tue, Nov 17, 2009 at 10:44 PM, Dave Siracusa
<dave.siracusa at yellowbook.com> wrote:
>
>
>
> Dave Siracusa wrote:
>>
>> I'm getting the following exception:
>> java.lang.IllegalArgumentException: name contains one of the following
>> prohibited characters: =,; \t\r\n\v\f: /clearance,/32/dept.html
>> at
>> org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:89)
>> at
>> org.jboss.netty.handler.codec.http.CookieDecoder.decode(CookieDecoder.java:129)
>>
>> Sample cookie:
>> __utma=48461872.1094088325.1258140131.1258140131.1258140131.1
>> __utmb=48461872.13.10.1258140131
>> __utmc=48461872
>>
>> __utmz=48461872.1258140131.1.1.utmcsr=overstock.com|utmccn=(referral)|utmcmd=referral|utmcct=/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html
>>
>> Google Analytics uses commas in their cookie value, and who can argue with
>> Google.
>>
>> I looked at the w3c rfc 2109 and it appears (I guess) that ;, are
>> legitimate delimiters.
>> An excerpt from the rfc:
>> The syntax for the header is:
>> cookie = "Cookie:" cookie-version
>> 1*((";" | ",") cookie-value)
>> cookie-value = NAME "=" VALUE [";" path] [";" domain]
>> cookie-version = "$Version" "=" value
>> NAME = attr
>> VALUE = value
>> path = "$Path" "=" value
>> domain = "$Domain" "=" value
>>
>> So do we ignore commas? Do we establish precedence with the first
>> encountered delimiter and ignore the other?
>>
>> BTW - I didn't look at the cookeencoder.
>>
>>
>
> Via ReflectionToStringBuilder:
> HttpRequest:org.jboss.netty.handler.codec.http.DefaultHttpRequest at 6c8dc7fe[
> method=GET
> uri=/custom-wood-furniture.html
> version=HTTP/1.1
> headers={Accept=[image/gif, image/jpeg, image/pjpeg,
> application/x-ms-application, application/vnd.ms-xpsdocument,
> application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash,
> application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
> application/x-silverlight, */*], Accept-Encoding=[gzip, deflate],
> Accept-Language=[en-us], Connection=[Keep-Alive],
> Cookie=[ARPT=LWUKQPSWRTUN04CKKJI;
> kw-2E343B92-B097-442c-BFA5-BE371E0325A2=unfinished furniture;
> __utma=48461872.1094088325.1258140131.1258140131.1258140131.1;
> __utmb=48461872.13.10.1258140131; __utmc=48461872;
> __utmz=48461872.1258140131.1.1.utmcsr=overstock.com|utmccn=(referral)|utmcmd=referral|utmcct=/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html],
> Host=[gelcowoodcraft.yb-masked-domain.com],
> Referer=[http://gelcowoodcraft.yb-masked-domain.com/finished-unfinished-furniture-accessories.html],
> User-Agent=[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0;
> SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729;
> OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 3.0.30729)]}
> content=BigEndianHeapChannelBuffer(ridx=0, widx=0, cap=0) ]
>
> --
> View this message in context: http://n2.nabble.com/CookieDecoder-issues-with-Google-Analytics-tp4018428p4018612.html
> Sent from the Netty Developer Group mailing list archive at Nabble.com.
> _______________________________________________
> netty-dev mailing list
> netty-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-dev
>
More information about the netty-dev
mailing list