Closed MP3GMike closed 4 years ago
Hello,
Could you please provide more details on the issue reproduction ? Do you have a unit test that can be added to cover this issue ?
For information,, the Grinder is still using Java8 for compilation and there is known limitation with higher Java versions
Could you please check you are using the latest version (and not overloading) grinder-http.jar file ? I added your test case to the testsuite and it's passing: https://github.com/cossme/grinder/commit/b486e050f722e007adbc3a94d688c3651864d2c7
Hello,
Could you please provide more details on the issue reproduction ? Do you have a unit test that can be added to cover this issue ?
For information,, the Grinder is still using Java8 for compilation and there is known limitation with higher Java versions
Hello,
Could you please provide more details on the issue reproduction ? Do you have a unit test that can be added to cover this issue ?
For information,, the Grinder is still using Java8 for compilation and there is known limitation with higher Java versions
hi, this was the case:
Original Cookie: csrf_xxxx=907bdc0226512c6c163ec305eb02b53c; expires=Wed, 17-Jun-2020 08:53:08 GMT; Max-Age=22000; path=/;HttpOnly;Secure, xxxx_session=m2q29qedevbhc75p6g2tq1njh6ebb85q; expires=Wed, 17-Jun-2020 14:46:28 GMT; Max-Age=43200; path=/; HttpOnly;HttpOnly;Secure
after parsing, the cookie looks like: Cookie after: csrf_xxxx=907bdc0226512c6c163ec305eb02b53c; expires=Wed, 17-Jun-2020 08:53:08 GMT; Max-Age=22000; path=/;Secure, xxxx_session=m2q29qedevbhc75p6g2tq1njh6ebb85q; expires=Wed, 17-Jun-2020 14:46:28 GMT; Max-Age=43200; path=/;Secure; HttpOnly;
so, there are 3 HttpOnly in the original cookie and after the grinder parses, it only removes two and one HttpOnly still remains.
This is the original code in Cookie.java line 168: set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly;",";"); set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly,",","); set_cookie = set_cookie.replaceAll("(?i);\s*HttpOnly$",";");
So I fixed by adding: set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly;",";"); `set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly;",";");` set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly,",","); set_cookie = set_cookie.replaceAll("(?i);\sHttpOnly$",";");
And now it's working. Not beautiful, but it was an urgent fix by 4am.
Can I commit the change?
Regards, Miguel
Hi,
You can commit in a branch and submit a pull request. Please add a test case as well. I would like to review the whole function because if we follow this logic we can agree on having 3 occurrences of the same header or even more.
Thank you
Looking better at the code, it appears the Secure Header is well managed - multi occurrences are supported. I change the code to manage HttpOnly just like Secure. This way you should have a cleaner code that work whatever the number of HttpOnly header occurrences and whatever the position (followed by ; , or nothing)
Check out the branch
I will merge later on
Hi Miguel,
I have merge the fix in the 4.0.2-SNAPSHOT branch, Please check it out and let me know !
thanks!
Hi,
I have this cookie with HttpOnly:
csrf_x=f74735354645575672c37f4; expires=Tue, 16-Jun-2020 13:29:05 GMT; Max-Age=22000; path=/;Secure, x_session=1gasfstertwetr9345835i3mr8jkc5eth; expires=Tue, 16-Jun-2020 19:22:25 GMT; Max-Age=43200; path=/;HttpOnly;Secure
and is giving me this error:
in call Caused by: java.net.ProtocolException: Bad Set-Cookie header: csrf_habitat=b610d461cd3c0397b3517604a375f2e6; expires=Tue, 16-Jun-2020 13:29:05 GMT; Max-Age=22000; path=/;Secure, Habitat_session=34e2m783bc537vkqfu3o9q9i5hdim7ru; expires=Tue, 16-Jun-2020 19:22:25 GMT; Max-Age=43200; path=/;HttpOnly;Secure No '=' found for token starting at position 227
Can you help pls?
I tried to fix the problem in the code, but I have many errors in the build:
C:\Users\mchillitupa\git\grinder\grinder-core\src\main\java\net\grinder\console\editor\TextSource.java:52: error: bad use of '>'
true
=> the text has changed.Can you tell me, why? is it maybe my JDK versión?