Chuck,
On 5/24/2011 5:28 PM, Caldarale, Charles R wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Control character in cookie value or attribute
>
>> On 5/24/2011 5:09 PM
Hope you don't mind...I opened a ticket for this:
https://issues.apache.org/bugzilla/show_bug.cgi?id=51260
Dan
On Tue, May 24, 2011 at 5:28 PM, Caldarale, Charles R
wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Control character i
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Control character in cookie value or attribute
> On 5/24/2011 5:09 PM, Dan Checkoway wrote:
> > -} else if (CookieSupport.isHttpToken(value) &&
> > -!CookieSuppor
I wasn't gonna say anything about that, but I did consult my "operator
precedence" reference while looking at it... :-) +1 on parens!
Dan
On Tue, May 24, 2011 at 5:21 PM, Christopher Schultz
wrote:
>
> Dan,
>
> On 5/24/2011 5:09 PM, Dan Checkow
Dan,
On 5/24/2011 5:09 PM, Dan Checkoway wrote:
> -} else if (CookieSupport.isHttpToken(value) &&
> -!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
> -CookieSupport.isV0Token(value) &&
> -CookieSu
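Review bot: the removed condition chains `&&` and `||` across several lines with no grouping, so it reads correctly only if you remember that `&&` binds tighter than `||`. The replacement lines are cut off in this quote; whatever condition takes its place should wrap each `&&` pair in explicit parentheses so the V0-token and HTTP-token branches are unambiguous.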
Ah, thanks! I see now that setting ALLOW_HTTP_SEPARATORS_IN_V0=true
bypasses that check in a few spots. Probably what Chuck was alluding
to in his reply...
The one spot it wouldn't bypass is line 292 in ServerCookie.java. You
guys could switch the order of the logical checks in there, i.e.:
-
On 24/05/2011 21:25, Dan Checkoway wrote:
> This is super low priority, since I assume somebody is passing junk in a
> Set-Cookie header, but I'd love to get to the bottom of it (I'm of the "no
> request left behind" mindset), and I'm still in the dark about what Tomcat
> doesn't like about what it
This is super low priority, since I assume somebody is passing junk in a
Set-Cookie header, but I'd love to get to the bottom of it (I'm of the "no
request left behind" mindset), and I'm still in the dark about what Tomcat
doesn't like about what it's being passed.
Can you guys shed any light on w
Ah, thanks! To be honest I'm not sure which of those properties would work
around the "Control character in cookie value or attribute" exception.
Maybe org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR? I
can't tell if "Control character" means a literal non-printable character
(i
> From: Dan Checkoway [mailto:dchecko...@gmail.com]
> Subject: Control character in cookie value or attribute
> I honestly have no idea if it's related to the tomcat version
> or some legitimately wacked out Set-Cookie header coming in.
Both, actually. Tomcat 7 is a bit more picky about what it
Christopher Schultz wrote:
I'm surprised that nobody else has noticed that the control characters
in question were already posted by Itay... it's just that nobody
bothered to read the error message properly :)
And we are quite flabbergasted that you did not peruse the thread
carefully, or y
André,
On 12/9/2009 1:35 PM, André Warnier wrote:
> Chris,
>
> Christopher Schultz wrote:
>>
>> I'm surprised that nobody else has noticed that the control characters
>> in question were already posted by Itay... it's just that nobody
>> bothered to
Chris,
Christopher Schultz wrote:
I'm surprised that nobody else has noticed that the control characters
in question were already posted by Itay... it's just that nobody
bothered to read the error message properly :)
And we are quite flabbergasted that you did not peruse the thread
carefully
André,
On 12/8/2009 6:28 PM, André Warnier wrote:
> So now I can go to sleep peacefully, knowing that these parts of the
> cookie do not in effect contain control characters.
I'm surprised that nobody else has noticed that the control characters
in q
Itay,
you seem to ignore selective parts of the answers and tips which you are
given, and then rediscover them selectively 3 posts later.
itay sahar wrote:
Andre,
I'm not sure why you worry about the other cookie value.
Thank you for your concern, but I don't worry too much. It is not my
Andre,
I'm not sure why you worry about the other cookie value. Let me show you an
example;
maybe then you may see something that I'm missing.
getCookieMaxAge() is 31536000
cookiePathis /jboss-seam-jpa
What can be wrong here ? It works!
Are you worried about a special character in cookiePath?
Itay,
On 12/4/2009 7:41 PM, itay sahar wrote:
> I'm using Seam on Tomcat 6.0.20 and encounter a problem in my security module.
>
> Basically, I try to add a cookie with base64 encoding of the username, which is
> an email address.
> The encoding works and no
sure!
protected void setCookieValueIfEnabled(String value)
{
FacesContext ctx = FacesContext.getCurrentInstance();
if ( isCookieEnabled() && ctx != null)
{
HttpServletResponse response = (HttpServletResponse)
ctx.getExternalContext().getResponse();
Cookie co
itay sahar wrote:
sure!
protected void clearCookieValue()
{
Cookie cookie = getCookie();
if ( cookie!=null )
{
HttpServletResponse response = (HttpServletResponse)
FacesContext.getCurrentInstance().getExternalContext().getResponse();
cookie.setValue(null);
sure!
protected void clearCookieValue()
{
Cookie cookie = getCookie();
if ( cookie!=null )
{
HttpServletResponse response = (HttpServletResponse)
FacesContext.getCurrentInstance().getExternalContext().getResponse();
cookie.setValue(null);
cookie.setP
On 7 Dec 2009, at 19:26, itay sahar wrote:
> I add log for the following method:
>
> protected String encodeToken(String username, String value)
> {
> StringBuilder sb = new StringBuilder();
> sb.append(username);
> sb.append(":");
> sb.append(value);
> return Base64.en
I add log for the following method:
protected String encodeToken(String username, String value)
{
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(":");
sb.append(value);
return Base64.encodeBytes(sb.toString().getBytes());
}
*Before encodi
Thanks André,
I agree with you about the doubt you have about the ":" being in C (after
encoding).
return Base64.encodeBytes(sb.toString().getBytes());
I guess you suggest to log something like
(new String(C)).getBytes ? If yes I post it here later. I hope you can then
suggest something to
itay sahar wrote:
Pid,
I'm not using B as the cookie value. A & B go to encode and finally you
have *one* value (C). This value
is sent to addCookie.
C is something like:
aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0
Ok, let's take this at face value.
So yet, you
Pid,
I'm not using B as the cookie value. A & B go to encode and finally you
have *one* value (C). This value
is sent to addCookie.
C is something like:
aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0
On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote:
> On 06/12/2009 21:51,
On 06/12/2009 21:51, itay sahar wrote:
Hi Andre,
please see below input and output of:
protected String encodeToken(String username, String value)
{
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(":");
sb.append(value);
return Base64
Hi Andre,
please see below input and output of:
protected String encodeToken(String username, String value)
{
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(":");
sb.append(value);
return Base64.encodeBytes(sb.toString().getBytes());
}
Inpu
Thanks for reply Mark,
So you suggest to change the following method:
protected String encodeToken(String username, String value)
{
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(":");
sb.append(value);
return Base64.encodeBytes(sb.toString
Mark Thomas wrote:
itay sahar wrote:
Caused by: java.lang.IllegalArgumentException: Control character in cookie
value, consider BASE64 encoding your value
at
org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396)
To cause this, there must be a character in the valu
itay sahar wrote:
> Caused by: java.lang.IllegalArgumentException: Control character in cookie
> value, consider BASE64 encoding your value
> at
> org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396)
To cause this, there must be a character in the value with an ASCII
This is not my code. It is seam code.
see below the encoding section:
protected String encodeToken(String username, String value)
{
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(":");
sb.append(value);
return Base64.encodeBytes(sb.toString()
itay sahar wrote:
Hi all,
I'm using Seam on Tomcat 6.0.20 and encounter a problem in my security module.
Basically, I try to add a cookie with base64 encoding of the username, which is
an email address.
The encoding works and no exception is thrown. But when Seam tries adding the
cookie an exception i
32 matches