"Debugging" _WOCookieParser, an IllegalStateException is thrown when it encounters a problem. The exception is caught and WOApplication.application().handleMalformedCookieString() is called. In WOApplication.application().handleMalformedCookieString(), the initialisation parameter is checked and then returns the NSDictionary of already parsed cookies (if parameter set to true).
This confirms that it does quit processing subsequent cookies on the first error encountered :)

Regards,

Peter

On 11/02/2011, at 12:21 PM, Tom M. Blenko wrote:

> I had the flag running in production on one site for a couple of years (same
> situation you mention) with no problems - I don't believe it just quits
> parsing on a single error but I don't know. You might want to use
> WOApplication.handleMalformedCookieString(), which returns cookies
> successfully parsed, if you want to check it out further or try to do better
> recovery yourself.
>
> Tom
>
> On Feb 10, 2011, at 4:30 PM, Peter Vandoros wrote:
>
>> With the initialisation parameter you mention, I believe the CookieParser
>> will stop parsing subsequent cookies once it encounters a malformed one.
>> This means that if the malformed cookie happens to be the first one, as sent
>> by the user's browser, then your application won't receive any subsequent
>> cookies. This will obviously break the WO session handling via cookies.
>>
>> I'm not sure what to do other than "write" your own _CookieParser :)
>>
>> Regards,
>>
>> Peter
>>
>> On 11/02/2011, at 7:14 AM, Dov Rosenberg wrote:
>>
>>> We came across a strange issue that took a bit to figure out but thought it
>>> would be worthwhile to let everyone else know what happened
>>>
>>> Problem
>>> Some users were having trouble saving a form (WOComponent based)
>>> intermittently. Normally these kinds of problems are nearly impossible to
>>> figure out unless you get lucky. We got lucky.
>>>
>>> Root Cause
>>> Looking thru the log files we saw a handful of error messages that looked
>>> like
>>>
>>> 410901380 [http-8228-Processor2] WARN er.extensions.appserver.ERXRequest -
>>> java.lang.IllegalStateException: Malformed cookie content:
>>>
>>> The default OOTB behavior of WebObjects is to throw an exception when a
>>> malformed cookie is detected in the HTTP Request. This disrupts the normal
>>> HTTP request/response loop which played hell with our WOComponent.
>>>
>>> The malformed cookie was being set by another web site in their domain that
>>> was using Google Analytics. Not sure what the problem was with the cookie –
>>> saw one that was URL encoded 4 times over and another with a null value.
>>>
>>> Solution
>>> Thankfully the WO folks realized that throwing an exception while
>>> processing cookies might be a bad thing (default behavior) and added
>>> an initialization parameter to change the default behavior to something
>>> more sensible. By setting WOAcceptMalformedCookies=true all cookies will be
>>> accepted but the malformed ones will be dropped and not processed. After
>>> changing the default behavior our app stopped misbehaving.
>>>
>>> Not sure if changing the default behavior is a good thing from a security
>>> perspective but it did resolve the error for us. Anyone have any thoughts
>>> on the impact of this change?
>>>
>>> Dov Rosenberg
>>> InQuira
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-dev mailing list ([email protected])
>>> Help/Unsubscribe/Update your Subscription:
>>> http://lists.apple.com/mailman/options/webobjects-dev/peter.vandoros%40gmail.com
>>>
>>> This email sent to [email protected]
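
An added example, not part of the thread and not WebObjects code: a standalone Java program contrasting the stop-at-first-error behaviour described above with a parser that drops only the malformed pair and keeps going. The class and method names, the rules for what counts as malformed (missing `=`, empty name, invalid percent-escape) and the sample header are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class CookieParseDemo {
    /** Parses one "name=value" pair; throws on what this example treats as malformed. */
    static String[] parsePair(String raw) {
        int eq = raw.indexOf('=');
        if (eq <= 0) { // no '=' at all, or an empty cookie name
            throw new IllegalStateException("Malformed cookie content: " + raw);
        }
        try {
            String value = URLDecoder.decode(raw.substring(eq + 1).trim(), StandardCharsets.UTF_8);
            return new String[] { raw.substring(0, eq).trim(), value };
        } catch (IllegalArgumentException e) { // invalid percent-escape such as "%zz"
            throw new IllegalStateException("Malformed cookie content: " + raw, e);
        }
    }

    /**
     * stopOnError=true returns only the cookies parsed before the first bad pair
     * (the behaviour described in the thread); false skips the bad pair alone.
     */
    static Map<String, String> parse(String header, boolean stopOnError) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String raw : header.split(";")) {
            raw = raw.trim();
            if (raw.isEmpty()) continue;
            try {
                String[] nv = parsePair(raw);
                cookies.put(nv[0], nv[1]);
            } catch (IllegalStateException e) {
                if (stopOnError) return cookies; // every later cookie is lost
                // otherwise drop this pair only and continue with the next one
            }
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed header: a broken third-party cookie arrives before the session cookie.
        String header = "__utmz=%zz-broken; wosid=abc123; theme=dark";
        System.out.println("stop on first error: " + parse(header, true));
        System.out.println("skip bad cookie:     " + parse(header, false));
    }
}
```

With the broken cookie first in the header, the stop-on-error mode returns an empty map, so the session cookie never reaches the application; the skip mode still returns it.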
