Uploaded image for project: 'Magnolia Personalization'
  1. Magnolia Personalization
  2. MGNLPN-380

VisitorDetectorFilter unable to create returning cookies for paths containing semi-colons on Tomcat 8.5

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 1.2.11, 1.3.4, 1.4.5
    • 1.3.3
    • None
    • None
    • Kromeriz 96
    • 2

    Description

      Thanks to buf481 from Telia, we've got this issue while setting cookies values back to response as below:
      Tomcat 8.5.0 and later introduced a new cookie processor which has a different set of validations than before. (using Rfc6265CookieProcessor vs what is now called LegacyCookieProcessor). Since url paths allow a wider and different set of characters than he cookie spec does, we run into issues with path segments containing semi-colon, such as the path "/portal/cases;page=1" (this is apparently a fairly common construction when using angular2, or so the frontend developers tell me). I would imagine that the visitor filter should consider encoding non-user-provided values when constructing cookies.

      type Exception report
      message An invalid path [/portal/login;unauthorized=true] was specified for this cookie
      description The server encountered an internal error that prevented it from fulfilling this request.
      exception
      java.lang.IllegalArgumentException: An invalid path [/portal/login;unauthorized=true] was specified for this cookie
          org.apache.tomcat.util.http.Rfc6265CookieProcessor.validatePath(Rfc6265CookieProcessor.java:207)
          org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:132)
          org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
          org.apache.catalina.connector.Response.addCookie(Response.java:937)
          org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
          javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
          info.magnolia.personalization.visitor.VisitorDetectorFilter.addCookie(VisitorDetectorFilter.java:99)
          info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:77)
          info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:40)
          info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:66)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
          info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
          info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
          info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
          info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
          info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
          info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
          com.teliasonera.agora.core.requesthandling.common.spi.ServletForwardFilter.doFilter(ServletForwardFilter.java:123)
          com.teliasonera.agora.core.requestinfo.impl.RequestInfoFilter.doFilter(RequestInfoFilter.java:101)
      

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                rkovarik Roman Kovařík
                viet.nguyen Viet Nguyen
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD