[MGNLPN-380] VisitorDetectorFilter unable to create returning cookies for paths containing semi-colons on Tomcat 8.5 Created: 25/Apr/17  Updated: 16/May/17  Resolved: 10/May/17

Status: Closed
Project: Magnolia Personalization
Component/s: None
Affects Version/s: 1.3.3
Fix Version/s: 1.2.11, 1.3.4, 1.4.5

Type: Bug Priority: Neutral
Reporter: Viet Nguyen Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MGNLPN-223 Some traits might be session scoped Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Sprint: Kromeriz 96
Story Points: 2

 Description   

Thanks to buf481 from Telia, we've got this issue while setting cookies values back to response as below:
Tomcat 8.5.0 and later introduced a new cookie processor which has a different set of validations than before. (using Rfc6265CookieProcessor vs what is now called LegacyCookieProcessor). Since url paths allow a wider and different set of characters than he cookie spec does, we run into issues with path segments containing semi-colon, such as the path "/portal/cases;page=1" (this is apparently a fairly common construction when using angular2, or so the frontend developers tell me). I would imagine that the visitor filter should consider encoding non-user-provided values when constructing cookies.

type Exception report
message An invalid path [/portal/login;unauthorized=true] was specified for this cookie
description The server encountered an internal error that prevented it from fulfilling this request.
exception
java.lang.IllegalArgumentException: An invalid path [/portal/login;unauthorized=true] was specified for this cookie
    org.apache.tomcat.util.http.Rfc6265CookieProcessor.validatePath(Rfc6265CookieProcessor.java:207)
    org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:132)
    org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
    org.apache.catalina.connector.Response.addCookie(Response.java:937)
    org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
    javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
    info.magnolia.personalization.visitor.VisitorDetectorFilter.addCookie(VisitorDetectorFilter.java:99)
    info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:77)
    info.magnolia.personalization.visitor.VisitorDetectorFilter.detect(VisitorDetectorFilter.java:40)
    info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:66)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:74)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
    info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
    info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
    info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
    com.teliasonera.agora.core.requesthandling.common.spi.ServletForwardFilter.doFilter(ServletForwardFilter.java:123)
    com.teliasonera.agora.core.requestinfo.impl.RequestInfoFilter.doFilter(RequestInfoFilter.java:101)

Generated at Mon Feb 12 06:37:04 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.