Bug in WEBrick::Cookie

21 views
Skip to first unread message

Aaron Patterson

unread,
Sep 1, 2006, 11:46:03 PM9/1/06
to
Hi. I'm not sure if this is the correct mailing list for this, but.... I
think that WEBrick::Cookie::parse_set_cookie should return an
array of cookies rather than just one. RFC2109 section 4.2.2 says:

Informally, the Set-Cookie response header comprises the token Set-
Cookie:, followed by a comma-separated list of one or more cookies.

I've found at least one site (http://mail.google.com/mail/) sending multiple
cookies in one Set-Cookie header. I've included a patch below that made
it work a bit better for me. Sorry the patch is kind of long because I
indented stuff....

This also seems to be a problem in CGI::Cookie::parse.

--Aaron

--- lib/webrick/cookie.rb.old 2006-09-01 20:38:39.000000000 -0700
+++ lib/webrick/cookie.rb 2006-09-01 20:41:04.000000000 -0700
@@ -77,28 +77,32 @@
end

def self.parse_set_cookie(str)
- cookie_elem = str.split(/;/)
- first_elem = cookie_elem.shift
- first_elem.strip!
- key, value = first_elem.split(/=/, 2)
- cookie = new(key, HTTPUtils.dequote(value))
- cookie_elem.each{|pair|
- pair.strip!
- key, value = pair.split(/=/, 2)
- if value
- value = HTTPUtils.dequote(value.strip)
- end
- case key.downcase
- when "domain" then cookie.domain = value
- when "path" then cookie.path = value
- when "expires" then cookie.expires = value
- when "max-age" then cookie.max_age = Integer(value)
- when "comment" then cookie.comment = value
- when "version" then cookie.version = Integer(value)
- when "secure" then cookie.secure = true
- end
+ cookies = []
+ str.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each { |c|
+ cookie_elem = c.split(/;/)
+ first_elem = cookie_elem.shift
+ first_elem.strip!
+ key, value = first_elem.split(/=/, 2)
+ cookie = new(key, HTTPUtils.dequote(value))
+ cookie_elem.each{|pair|
+ pair.strip!
+ key, value = pair.split(/=/, 2)
+ if value
+ value = HTTPUtils.dequote(value.strip)
+ end
+ case key.downcase
+ when "domain" then cookie.domain = value
+ when "path" then cookie.path = value
+ when "expires" then cookie.expires = value
+ when "max-age" then cookie.max_age = Integer(value)
+ when "comment" then cookie.comment = value
+ when "version" then cookie.version = Integer(value)
+ when "secure" then cookie.secure = true
+ end
+ }
+ cookies << cookie
}
- return cookie
+ return cookies
end
end
end

Reply all
Reply to author
Forward
0 new messages