users@glassfish.java.net

Re: Cookie handling in GlassFishv3

From: Major Péter <majorpetya_at_sch.bme.hu>
Date: Thu, 28 Jan 2010 18:18:57 +0100

Well, it looks like our environment is working fine with the url-encoded
cookie setting, but it's really messed up that I had to do this, just
because of GlassFish v3.
I don't really see why the '=' caused any problem in the issue, but I
guess there could be better solutions for that, other than adding
quotation marks and a version parameter...

Regards,
Peter

On 2010-01-27 16:18, Major Péter wrote:
> As far as I see, the agent uses the getCookies method, so I can only
> imagine that this issue wasn't backported to GFv2.1.1 or there it is
> solved in a completely different way...
>
> On 2010-01-27 02:31, Shing Wai Chan wrote:
>> This has been changed due to
>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=6875
>> If the value of the cookie has special characters,
>> then we will put a double-quote in the value and change cookie version
>> to be equal to 1.
>>
>> When the browsers receive the cookie, the version info is not saved.
>> And the cookie with value having a double quote is sent to the server.
>> GlassFish and latest Tomcat will remove the double quote regardless of
>> the cookie version.
>> Therefore, when we call HttpServletRequest.getCookies(), the cookies
>> values are correct.
>> (It will not have any double quote.)
>>
>> The problem will arise if there is code interpreting the http request
>> header directly.
>> In this case, the double quote will be treated as part of the cookie
>> value which is problematic.
>>
>> If the cookie value is url encoded, there will be no double quotes added.
>> The problem will go away as you noticed.
>>
>> Shing Wai Chan
>>
>>
>> Jan Luehe wrote:
>>> Hi Peter,
>>>
>>> On 01/25/10 05:44 PM, Major Péter wrote:
>>>> Hi,
>>>>
>>>> Is it possible, that something changed in the cookie handling between
>>>> GFv2 and v3? I'm experiencing some problems with my OpenSSO + Agent
>>>> configurations, possibly because the cookies are in GFv3 now by default
>>>> url-encoded. Is this true? If so, how can I disable this behaviour?
>>>>
>>>
>>> You mean "session ids [as opposed to cookies] are in GFv3 now by default
>>> url-encoded", right? :)
>>>
>>> Yes, this is a side-effect of the fix for:
>>>
>>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394
>>>
>>> See the comment I had added there:
>>>
>>> <comment>
>>> Based on feedback received by the community, "enableURLRewriting"
>>> needs to be supported as a property "in its own right", i.e., it must be
>>> possible to set both "enableCookies" and "enableURLRewriting" to
>>> "true" (or "false") at the same time.
>>>
>>> paulcb_at_dev.java.net wrote:
>>>
>>> Personally I think that the way it was before was much better in
>>> that the server effectively assumes the worst case (there is no cookie
>>> support) and rewrites the first URL and sets a cookie. If a request
>>> has a cookie, then it would no longer rewrite the urls.
>>>
>>> See the thread at
>>> http://forums.java.net/jive/thread.jspa?messageID=328588 for
>>> additional details.
>>>
>>> By default, both "enableCookies" and "enableURLRewriting" will be
>>> set to true.
>>> </comment>
>>>
>>> Note that Servlet 3.0 adds standard support for configuring the
>>> desired session tracking modes for your application. You can disable URL
>>> rewriting either declaratively (in your web.xml), as follows:
>>>
>>> <web-app>
>>>   <session-config>
>>>     <tracking-mode>COOKIE</tracking-mode>
>>>   </session-config>
>>> </web-app>
>>>
>>> OR programmatically (e.g., from a ServletContextListener), like this:
>>>
>>> servletContext.setSessionTrackingModes(
>>>     EnumSet.of(SessionTrackingMode.COOKIE));
>>>
>>> Hope this helps.
>>>
>>> Thanks,
>>>
>>>
>>> Jan
>>>
>>>> Thanks.
>>>>
>>>> Best Regards,
>>>> Peter Major
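
Added example, not part of the original thread and not GlassFish or OpenSSO code: a stand-alone Java program illustrating the point in Shing Wai Chan's reply, that code reading the raw Cookie header sees the added double quotes, while unquoting (as the reply says getCookies() does) or URL-encoding the value avoids the mismatch. The cookie name `ssoToken`, its value, and the helper names are constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class RawCookieHeaderDemo {

    // Naive parsing of a raw Cookie request header: split on ';' and on the
    // first '='. Double quotes added around a value stay in the value.
    // (Splitting on ';' is a simplification; a quoted value may contain ';'.)
    static Map<String, String> parseNaive(String header) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;
            cookies.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return cookies;
    }

    // Same parsing, then one pair of surrounding double quotes is removed,
    // regardless of cookie version, as the thread describes for getCookies().
    static Map<String, String> parseUnquoting(String header) {
        Map<String, String> cookies = parseNaive(header);
        cookies.replaceAll((name, v) ->
            v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")
                ? v.substring(1, v.length() - 1) : v);
        return cookies;
    }

    public static void main(String[] args) throws Exception {
        String token = "AQIC5wM2LY4Sfcx+abc=="; // constructed value containing '='

        // Header as the browser returns it after the container quoted the value.
        String quoted = "ssoToken=\"" + token + "\"; JSESSIONID=0123abcd";
        System.out.println("naive parse matches token:     "
            + token.equals(parseNaive(quoted).get("ssoToken")));
        System.out.println("unquoting parse matches token: "
            + token.equals(parseUnquoting(quoted).get("ssoToken")));

        // URL-encoded value: no special characters left, so no quotes are added
        // and even the naive parser recovers the token after decoding.
        String encoded = URLEncoder.encode(token, "UTF-8");
        String raw = parseNaive("ssoToken=" + encoded + "; JSESSIONID=0123abcd").get("ssoToken");
        System.out.println("url-encoded round trip matches: "
            + token.equals(URLDecoder.decode(raw, "UTF-8")));
    }
}
```

A component that validates a session token taken from the raw header therefore needs the same unquoting step as the container, or the value must be URL-encoded before the cookie is set.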