PQ56638: HTTP TRANSPORT NSAPI DOES NOT PARSE COOKIES WITH DOUBLE QUOTES | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description iPlanet inserts escape characters when double quotes are included in cookie names. This applies only to iPlanet HTTP Server and WAS4.0. . If the following cookies are created by a browser . <script> document.cookie = 'TestCookie="Hello"; secure;'; document.cookie = 'TestCookie2="Goodbye"; secure;'; </script> . The HTTP Transport native.log file with tracing enabled shows that the cb_get_headers function parses out the cookies as follows . Hello\ and Goodbye\ The error message cb_get_header: Failed to parse and set headers exception is thrown.Local fix No Workaround exists other than not to use quotes in cookie headers.Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server version 4.0.0, * * 4.0.1, or 4.0.2 users who use quotes in the * * values for Cookie headers with iPlanet * * webserver. * **************************************************************** * PROBLEM DESCRIPTION: iPlanet webserver would escape the * * quotes in the Cookie header but the * * plugin didn't parse the escape * * correctly. As a result the header * * parsing would be invalid. * **************************************************************** * RECOMMENDATION: * **************************************************************** When cookie values contained quotes, iPlanet webserver would escape them in the string the plugin used to parse but the plugin would not be expecting the quotes and parsing would fail.Problem conclusion Modify the plugin so that if a quote is escaped it continues to parse the cookie header until the real end of the header is reached.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ56638
IBM Group: Software Group
Modified date: Nov 1, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.