CookieDecoder issues with Google Analytics

Trustin Lee (이희승) trustin at gmail.com
Thu Nov 19 04:51:24 EST 2009 

I've just checked in the fix for this issue.

Here's the related JIRA issue which describes how I fixed it:

    https://jira.jboss.org/jira/browse/NETTY-255

And here's the JUnit test case:

    http://fisheye.jboss.org/browse/Netty/trunk/src/test/java/org/jboss/netty/handler/codec/http/CookieDecoderTest.java?r1=1783&r2=1899

Could you please confirm my fix works for you?  Get the build here:

    http://hudson.jboss.org/hudson/view/Netty/job/netty/871/

This fix will not be included in 3.1 but in 3.2, as it's not really a
bug but really an improvement.  You can backport the change by
yourself though.

Thanks!

— Trustin Lee, http://gleamynode.net/

On Thu, Nov 19, 2009 at 6:09 PM, Trustin Lee (이희승) <trustin at gmail.com> wrote:
> The cookie violated the RFC because:
>
> 1) it does not have $Version attribute (see RFC 2109)
> 2) comma (,) is prohibited in a cookie value unless it's surrounded by
> double quotes (") (See the definition of 'token' in RFC 2068. value is
> either a token or a quoted string, and token cannot have comma.)
>
> I concur with you that we can't argue with Google anyway, so let me
> think of a good idea to make CookieDecoder more robust.
>
> Thanks!
>
> — Trustin Lee, http://gleamynode.net/
>
> On Tue, Nov 17, 2009 at 10:44 PM, Dave Siracusa
> <dave.siracusa at yellowbook.com> wrote:
>>
>>
>>
>> Dave Siracusa wrote:
>>>
>>> I'm getting the following exception:
>>> java.lang.IllegalArgumentException: name contains one of the following
>>> prohibited characters: =,; \t\r\n\v\f: /clearance,/32/dept.html
>>>       at
>>> org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:89)
>>>       at
>>> org.jboss.netty.handler.codec.http.CookieDecoder.decode(CookieDecoder.java:129)
>>>
>>> Sample cookie:
>>> __utma=48461872.1094088325.1258140131.1258140131.1258140131.1
>>>  __utmb=48461872.13.10.1258140131
>>>  __utmc=48461872
>>>
>>> __utmz=48461872.1258140131.1.1.utmcsr=overstock.com|utmccn=(referral)|utmcmd=referral|utmcct=/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html
>>>
>>> Google Analytics uses commas in their cookie value, and who can argue with
>>> Google.
>>>
>>> I looked at the w3c rfc 2109 and it appears (I guess) that ;, are
>>> legitimate delimiters.
>>> An excerpt from the rfc:
>>> The syntax for the header is:
>>>     cookie             =       "Cookie:" cookie-version
>>>                             1*((";" | ",") cookie-value)
>>>     cookie-value     =       NAME "=" VALUE [";" path] [";" domain]
>>>     cookie-version   =       "$Version" "=" value
>>>     NAME               =       attr
>>>     VALUE              =       value
>>>     path                 =       "$Path" "=" value
>>>     domain              =       "$Domain" "=" value
>>>
>>> So do we ignore commas?  Do we establish precedence with the first
>>> encountered delimiter and ignore the other?
>>>
>>> BTW - I didn't look at the cookeencoder.
>>>
>>>
>>
>> Via ReflectionToStringBuilder:
>> HttpRequest:org.jboss.netty.handler.codec.http.DefaultHttpRequest at 6c8dc7fe[
>>  method=GET
>>  uri=/custom-wood-furniture.html
>>  version=HTTP/1.1
>>  headers={Accept=[image/gif, image/jpeg, image/pjpeg,
>> application/x-ms-application, application/vnd.ms-xpsdocument,
>> application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash,
>> application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
>> application/x-silverlight, */*], Accept-Encoding=[gzip, deflate],
>> Accept-Language=[en-us], Connection=[Keep-Alive],
>>  Cookie=[ARPT=LWUKQPSWRTUN04CKKJI;
>> kw-2E343B92-B097-442c-BFA5-BE371E0325A2=unfinished furniture;
>> __utma=48461872.1094088325.1258140131.1258140131.1258140131.1;
>> __utmb=48461872.13.10.1258140131; __utmc=48461872;
>> __utmz=48461872.1258140131.1.1.utmcsr=overstock.com|utmccn=(referral)|utmcmd=referral|utmcct=/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html],
>> Host=[gelcowoodcraft.yb-masked-domain.com],
>> Referer=[http://gelcowoodcraft.yb-masked-domain.com/finished-unfinished-furniture-accessories.html],
>> User-Agent=[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0;
>> SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729;
>> OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 3.0.30729)]}
>>  content=BigEndianHeapChannelBuffer(ridx=0, widx=0, cap=0) ]
>>
>> --
>> View this message in context: http://n2.nabble.com/CookieDecoder-issues-with-Google-Analytics-tp4018428p4018612.html
>> Sent from the Netty Developer Group mailing list archive at Nabble.com.
>> _______________________________________________
>> netty-dev mailing list
>> netty-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/netty-dev
>>
>

More information about the netty-dev mailing list