Cookie Handling [rack/rack GH-8]

Christian Neukirchen

Dec 2, 2009, 8:13:58 AM
to rack-...@googlegroups.com
mhat sent you a message.

--------------------
Rack appears to incorrectly handle cookies with values that are
quoted-strings. RFC2109 states that a value is a word and a word may be
either a token or a quoted-string. Rack is handling quoted-string values as
if they were tokens. Naturally this causes some problems.

It looks like the issue stems from the fact that Rack::Request#cookies
uses Rack::Utils.parse_query. What parse_query does makes sense for
parameters, but I think it is incorrect for cookie values.

If I have a cookie like so:
POST /acme/shipping HTTP/1.1
Cookie: $Version="1";
   Customer="WILE_E_COYOTE"; $Path="/acme";
   Part_Number="Rocket_Launcher_0001"; $Path="/acme"

The Ruby String value for key Customer should be "WILE_E_COYOTE"
rather than "\"WILE_E_COYOTE\"".

You can imagine how this handling of quoted strings leads to
interoperability problems with other application stacks.

View this Issue online: http://github.com/rack/rack/issues#issue/8
--------------------
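
The token versus quoted-string distinction from the report above, as an added Ruby example that is not part of the original thread and is not Rack's code or the fix that was pushed. The names naive_cookies and rfc2109_cookies are hypothetical, naive_cookies is a simplified stand-in for the reported behaviour, and the second sample header is constructed.

```ruby
require 'strscan'

# token: any CHAR except CTLs, space and the HTTP separators
TOKEN = /[^\x00-\x20\x7f()<>@,;:\\"\/\[\]?={}]+/

# Simplified stand-in for the reported behaviour: every value is treated
# as a token, so quotes stay in the value and ';' always splits.
def naive_cookies(header)
  header.split(/[;,]\s*/).each_with_object({}) do |pair, out|
    name, value = pair.strip.split('=', 2)
    next if name.nil? || name.empty? || name.start_with?('$')
    out[name] ||= value.to_s
  end
end

# RFC 2109: value = word, word = token | quoted-string
def rfc2109_cookies(header)
  s = StringScanner.new(header)
  out = {}
  until s.eos?
    s.skip(/[\s;,]+/)
    name = s.scan(TOKEN)
    value = ''
    if name && s.skip(/\s*=\s*/)
      if s.skip(/"/)
        # quoted-string: read to the closing quote, honouring backslash escapes
        raw = s.scan(/(?:\\.|[^"\\])*/m)
        s.skip(/"/) or raise ArgumentError, "unterminated quoted-string in #{name}"
        value = raw.gsub(/\\(.)/m, '\1')
      else
        value = s.scan(TOKEN).to_s
      end
    end
    # $Version, $Path and $Domain are attributes, not cookies
    out[name] ||= value if name && !name.start_with?('$')
    s.skip(/[^;,]+/) # ignore anything left before the next separator
  end
  out
end

# Header from the issue, folded onto one line
ISSUE_HEADER = '$Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"; ' \
               'Part_Number="Rocket_Launcher_0001"; $Path="/acme"'
# Constructed sample: a quoted value that contains a separator
CONSTRUCTED = 'note="a;b=c"; sid=abc123'
```

On the constructed header the two parsers disagree on how many cookies were sent, which is the kind of cross-stack mismatch the report warns about.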

Scytrin dai Kinthra

Dec 2, 2009, 12:19:10 PM
to rack-...@googlegroups.com

I can see about fixing this today if no one else is claiming it.
--
stadik.net

Scytrin dai Kinthra

Dec 3, 2009, 6:56:20 PM
to rack-...@googlegroups.com

Fixed, and pushed. Josh, you may want to add a few more tests or adjust the code, as you've done the latest tweaking on #parse_query.

--
stadik.net


Joshua Peek

Dec 3, 2009, 8:21:01 PM
to rack-...@googlegroups.com
Looks good.
--
Joshua Peek