users@glassfish.java.net

Re: Cookie handling in GlassFishv3

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Tue, 26 Jan 2010 17:31:52 -0800

This has been changed due to
https://glassfish.dev.java.net/issues/show_bug.cgi?id=6875
If the value of the cookie has special characters,
then we will put a double-quote in the value and change cookie version
to be equal to 1.

When the browsers receive the cookie, the version info is not saved.
And the cookie with value having a double quote is sent to the server.
GlassFish and latest Tomcat will remove the double quote regardless of
the cookie version.
Therefore, when we call HttpServletRequest.getCookies(), the cookie
values are correct.
(It will not have any double quote.)

The problem will arise if there is code interpreting the HTTP request
header directly.
In this case, the double quote will be treated as part of the cookie
value which is problematic.

If the cookie value is url encoded, there will be no double quote added.
The problem will go away as you noticed.

Shing Wai Chan


Jan Luehe wrote:
> Hi Peter,
>
> On 01/25/10 05:44 PM, Major Péter wrote:
>> Hi,
>>
>> Is it possible, that something changed in the cookie handling between
>> GFv2 and v3? I'm experiencing some problems with my OpenSSO + Agent
>> configurations, possibly because the cookies are in GFv3 now by default
>> url-encoded. Is this true? If so, how can I disable this behaviour?
>>
>
> You mean "session ids" [as opposed to cookies] are in GFv3 now by default
> url-encoded, right? :)
>
> Yes, this is a side-effect of the fix for:
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394
>
> See the comment I had added there:
>
> <comment>
> Based on feedback received by the community, "enableURLRewriting"
> needs to be supported as a property "in its own right", i.e., it must be
> possible to set both "enableCookies" and "enableURLRewriting" to
> "true" (or "false") at the same time.
>
> paulcb_at_dev.java.net wrote:
>
> Personally I think that the way it was before was much better in
> that the server effectively assumes the worst case (there is no cookie
> support) and rewrites the first URL and sets a cookie. If a request
> has a cookie, then it would no longer rewrite the urls.
>
> See the thread at
> http://forums.java.net/jive/thread.jspa?messageID=328588 for
> additional details.
>
> By default, both "enableCookies" and "enableURLRewriting" will be
> set to true.
> </comment>
>
> Note that Servlet 3.0 adds standard support for configuring the
> desired session tracking modes for your application. You can disable URL
> rewriting either declaratively (in your web.xml), as follows:
>
> <web-app>
>   <session-config>
>     <tracking-mode>COOKIE</tracking-mode>
>   </session-config>
> </web-app>
>
> OR programmatically (e.g., from a ServletContextListener), like this:
>
> servletContext.setSessionTrackingModes(
>     EnumSet.of(SessionTrackingMode.COOKIE));
>
> Hope this helps.
>
> Thanks,
>
>
> Jan
>
>> Thanks.
>>
>> Best Regards,
>> Peter Major
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
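
The case Shing Wai Chan describes at the top of this message, code that reads the Cookie request header directly, shown as an added Java example (not GlassFish, Tomcat or OpenSSO code). It strips the double quotes around a value the same way regardless of cookie version; the class name, the cookie name ssoToken and the header value are constructed for illustration, and backslash escapes inside quoted values are not interpreted.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (hypothetical class, not GlassFish/Tomcat/OpenSSO code).
public class RawCookieHeader {

    // Parses the value of a Cookie request header into name/value pairs,
    // removing the double quotes around quoted values regardless of version.
    // Assumption: backslash escapes inside quoted values are not interpreted.
    static Map<String, String> parse(String header) {
        Map<String, String> cookies = new LinkedHashMap<>();
        int i = 0, n = header.length();
        while (i < n) {
            // Skip pair separators and whitespace.
            while (i < n && (header.charAt(i) == ';' || Character.isWhitespace(header.charAt(i)))) i++;
            int start = i;
            while (i < n && header.charAt(i) != '=' && header.charAt(i) != ';') i++;
            if (i >= n || header.charAt(i) == ';') continue; // token without '=': ignore
            String name = header.substring(start, i).trim();
            i++; // step over '='
            String value;
            int close = (i < n && header.charAt(i) == '"') ? header.indexOf('"', i + 1) : -1;
            if (close >= 0) {
                // Quoted value: take the text between the quotes; it may contain ';'.
                value = header.substring(i + 1, close);
                i = close + 1;
            } else {
                // Unquoted (or unterminated quote): value runs to the next ';'.
                int semi = header.indexOf(';', i);
                if (semi < 0) semi = n;
                value = header.substring(i, semi).trim();
                i = semi;
            }
            // $Version, $Path and $Domain are cookie attributes, not cookies.
            if (!name.isEmpty() && !name.startsWith("$")) cookies.put(name, value);
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed header value: a quoted cookie as the browser echoes it back.
        String header = "ssoToken=\"abc+def/ghi=@1; x\"; JSESSIONID=0123456789abcdef";
        // Naive handling keeps the opening quote and cuts the value at the inner ';'.
        String naive = header.split(";")[0].split("=", 2)[1];
        System.out.println("naive : " + naive);
        System.out.println("parsed: " + parse(header));
    }
}
```

A component that compares the naive value against a stored token or session id will reject a valid cookie, so header-level code should unquote before validating.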