-
Bug
-
Resolution: Fixed
-
Neutral
-
1.3.3
-
None
-
None
-
-
Empty show more show less
-
Kromeriz 96
-
2
Thanks to buf481 from Telia, we've got this issue while setting cookies values back to response as below:
Tomcat 8.5.0 and later introduced a new cookie processor which has a different set of validations than before. (using Rfc6265CookieProcessor vs what is now called LegacyCookieProcessor). Since url paths allow a wider and different set of characters than he cookie spec does, we run into issues with path segments containing semi-colon, such as the path "/portal/cases;page=1" (this is apparently a fairly common construction when using angular2, or so the frontend developers tell me). I would imagine that the visitor filter should consider encoding non-user-provided values when constructing cookies.
type Exception report message An invalid path [/portal/login;unauthorized=true] was specified for this cookie description The server encountered an internal error that prevented it from fulfilling this request. exception java.lang.IllegalArgumentException: An invalid path [/portal/login;unauthorized=true] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validatePath(Rfc6265CookieProcessor.java:207) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:132) org.apache.catalina.connector.Response.generateCookieString(Response.java:989) org.apache.catalina.connector.Response.addCookie(Response.java:937) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386) javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58) info.magnolia.personalization.visitor.VisitorDetectorFilter.addCookie(VisitorDetectorFilter.java:99) info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:77) info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:40) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:66) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94) com.teliasonera.agora.core.requesthandling.common.spi.ServletForwardFilter.doFilter(ServletForwardFilter.java:123) com.teliasonera.agora.core.requestinfo.impl.RequestInfoFilter.doFilter(RequestInfoFilter.java:101)
- is depended upon by
-
MGNLPN-223 Some traits might be session scoped
- Closed