We have a cookie generated by the home page of our intranet as follows: Cookie: GetUser_Properties="abc","abc","abc","abc","abc","abc","abc","abc","abc";
If you put an é in the first parameter e.g. Cookie: GetUser_Properties="abcé","abc","abc","abc","abc","abc","abc","abc","abc"; Then we get result = 200 (success) If you put an é in any other parameter e.g. Cookie: GetUser_Properties="abc","abcé","abc","abc","abc","abc","abc","abc","abc"; Then we the HTTP error = 500. It's a strange one, and I guess the "é" in the 1st position should also generate HTTP 500 error but it doesn’t. However, my main concern is that the "é" could appear in any position in the cookie, and therefore we have an issue. Thanks, Kevin. -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: dimanche 2 février 2014 21:00 To: Tomcat Users List Subject: Re: cookie issue with Tomcat 7 - does not accept the character "é" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Kevin, On 2/2/14, 2:31 PM, Callinswood,Kevin,VEVEY,GLOBE BTC wrote: > We have upgraded to Tomcat 7 from Tomcat 6 and we are now facing > issues due to some of the standard company cookies containing an "é". > > Tomcat 6 accepted the "é" but upgrading to Tomcat 7 we get an error if > the "é" is any parameter except for the 1st position. What you do mean "any parameter except for the 1st position"? You said this was about cookies... > The error received is: > > SEVERE: Error processing request > java.lang.IllegalArgumentException: Control character in cookie value > or attribute. Can you give a protocol dump including byte-translation? For example, é is usually expressed as 0xc9 and appears in ISO-8859-1 as a single byte. Since it's in the top-half of the ISO-8859-1 character set, UTF-8 requires that it be represented by two bytes: 0xc3 0xa9 Without quoting, unquoted Cookie names and values may be any US-ASCII character from 0x32 - 0x7e except for any of ("(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT). None of the characters above are within that range, so the cookie value must be quoted. (It looks to me like Cookie names must always be in US-ASCII... I didn't think that was the case but I'm not motivated to track-down every word of the spec looking for justification). What is the character encoding of the request? What client are you using? Who created the cookie in the first place? > I have tried playing around with the parameters in the > catalana.properties file but with no success. Is there a way to > remove all checking of cookies ? Tomcat has become more standards-strict in version 7. This page should give you a bit of insight, though it is quite technical: http://wiki.apache.org/tomcat/Cookies > Possible solutions are to revert to Tomcat 6, change web server, or > encode the cookies. We are planning a go-live a week from now so > reverting to Tomcat 6 seems to be the solution in the short term. You decided to start testing with a new major application server version 1 week before deployment? Hmm. Sounds like using Tomcat 6 is the right short-term move. You really need to identify the problem, though: it's only going to get worse. Now, if you had Tomcat 6 create those cookies and the client is sending them back tom Tomcat 7, then you may want to expire those old cookies and see what a Tomcat 7 roundtrip looks like. Tomcat 7 may be more properly encoding the cookies in the first place, solving the problem before it begins. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS7qPGAAoJEBzwKT+lPKRYmeEP/A8O5vxtTJ2dnQnQn6dzkNv7 g+YSx8c1Va1QkHlZe1vUefUlZJ1SkzFivbmyTX3TFsKI8wDPNOWRjJusHxDKnIjl URpeCew8/1vUWtuN1xvCXO4OWE5UdPRktmKn+aO4anuKvZGrl7OnEMXx0Ans4U9k 6SLYcYkT8rnwjrwyp5/xoc8hEaUWRHQZCNAaU1//OC0OFV+MLiL2IgVucg8CdvIk v/z5DxIvGvhTkHBzWztlOku6l43yyJMEs8XsYPGwOgAY4KYu1vDLMBtDq3HZ9Coz mSX3ytGrth3XAJbPdcopYcVU96XFEtOPwvBcGU+GEVf2Gc0C1GWE1ZVntwlTAbvD TBISsjzuOouI/6LjjdCAUnHNBjnHGv0vk0R3CFXu4igxDKM/2CrBA/keJ7IUYQku dB/y4hsNPkQ4wHJVLof7l+bYI6TbzS6xVpR3QPwlmVub0mRiYND4kcnDYrf21SFU hsAewZyRGxk41pM/Y5e0Ep1tCqVbgMn76nwuhmL07YLnkY7+75LMVJgnT2HA4ZXh SUwB2zp4qa43baQ0T+iAe6a1wEPRjdlV2PKeHlFv1u304HG8Ke4bB6QBQWlWDXYr lqiqMetQNrkKK6WXmGkvkXnu736EGizeMY/D+C7RFPb5i+7ejsX/nMV5C6nHrZM9 xX9SxRXlZkABNFwV+8kg =0leN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
