erlyaws / yaws

Yaws webserver
https://erlyaws.github.io
BSD 3-Clause "New" or "Revised" License
1.28k stars, 267 forks

yaws_api:parse_cookie(Str) return [] #333

Open. memacs opened this issue 6 years ago

memacs commented 6 years ago

I have a cookie,

"QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN243=72; QN25=82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90; _i=RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx; _vi=ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF; fid=fcefde0c-7d80-46ae-8969-49fe0b59d66f; QN271=e2b20f4a-bfb7-4bae-872a-c2f3ded45672; QN43=2; QN42=%E5%88%98%E5%B8%86; _q=U.esbnomd3156; _t=25530365; csrfToken=IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt; _s=s_UEMMZXWDWKMHGZ4Q4EQEJQT57M; _v=jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE; QN44=esbnomd3156; QunarGlobal=10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387; QN99=9494; QN269=4FD5EDB04DF011E8ACB5FA163E233FC1; PHPSESSID=j3rq22l8oim5id6ouvsdieev44; QN48=tc_61d7988bd35b650e_163205037a3_6157; q_ckey=dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==; l-pswebapp1-8000-PORTAL-PSJSESSIONID=-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716; ExpirePage=http://ehr.corp.qunar.com/psp/HCMPRD/; PS_LOGINLIST=http://ehr.corp.qunar.com/HCMPRD; PS_TOKENEXPIRE=03_May_2018_01:42:58_GMT; SignOnDefault=lffan.liu; HPTabName=DEFAULT; HPTabNameRemote=; LastActiveTab=DEFAULT; ps_theme=node:HRMS portal:EMPLOYEE theme_id:DEFAULT_THEME_TANGERINE_ALT css:DEFAULT_THEME_TANGERINE_ALT accessibility:N; psback=\"\"url\":\"http%3A%2F%2Fehr.corp.qunar.com%2Fpsp%2FHCMPRD%2FEMPLOYEE%2FHRMS%2Fh%2F%3Ftab%3DDEFAULT\" \"label\":\"%E4%B8%BB%E9%A1%B5\" \"origin\":\"PIA\"\"; PS_TOKEN=pwAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Acwg4AC4AMQAwABT9DWpP03W97OFD9r/q+eJZYKcO9mcAAAAFAFNkYXRhW3icHYsxDkBAAATnEKXCPwjH4QWiFFQa0UgkohG/8zib20lms8U+QBQGxqi/AJ/04hA7NzkXJy/xysBMMko9C5vmRG0pKOnI1M678rY61t6ORq6EpRUOfiRpDVM=; 
http%3a%2f%2fehr.corp.qunar.com%2fpsp%2fhcmprd%2femployee%2fhrms%2frefresh=list:%20%3Ftab%3Dhc_ux_manager_dashboard%7C%3Frp%3Dhc_ux_manager_dashboard%7C%3Ftab%3Dremoteunifieddashboard%..."

In Firefox, it can be parsed correctly.


But when I call yaws_api:parse_cookie(Str), it returns []. When I delete

 ps_theme=node:HRMS portal:EMPLOYEE theme_id:DEFAULT_THEME_TANGERINE_ALT css:DEFAULT_THEME_TANGERINE_ALT accessibility:N; psback=\"\"url\":\"http%3A%2F%2Fehr.corp.qunar.com%2Fpsp%2FHCMPRD%2FEMPLOYEE%2FHRMS%2Fh%2F%3Ftab%3DDEFAULT\" \"label\":\"%E4%B8%BB%E9%A1%B5\" \"origin\":\"PIA\"\";

it returns the normal result. The following is the process:

(ejahttp@l-xxxx)9> yaws_api:parse_cookie("QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN243=72; QN25=82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90; _i=RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx; _vi=ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF; fid=fcefde0c-7d80-46ae-8969-49fe0b59d66f; QN271=e2b20f4a-bfb7-4bae-872a-c2f3ded45672; QN43=2; QN42=%E5%88%98%E5%B8%86; _q=U.esbnomd3156; _t=25530365; csrfToken=IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt; _s=s_UEMMZXWDWKMHGZ4Q4EQEJQT57M; _v=jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE; QN44=esbnomd3156; QunarGlobal=10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387; QN99=9494; QN269=4FD5EDB04DF011E8ACB5FA163E233FC1; PHPSESSID=j3rq22l8oim5id6ouvsdieev44; QN48=tc_61d7988bd35b650e_163205037a3_6157; q_ckey=dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==; l-pswebapp1-8000-PORTAL-PSJSESSIONID=-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716; ExpirePage=http://ehr.corp.qunar.com/psp/HCMPRD/; PS_LOGINLIST=http://ehr.corp.qunar.com/HCMPRD; PS_TOKENEXPIRE=03_May_2018_01:42:58_GMT; SignOnDefault=lffan.liu; HPTabName=DEFAULT; HPTabNameRemote=; LastActiveTab=DEFAULT; ps_theme=node:HRMS portal:EMPLOYEE theme_id:DEFAULT_THEME_TANGERINE_ALT css:DEFAULT_THEME_TANGERINE_ALT accessibility:N; psback=\"\"url\":\"http%3A%2F%2Fehr.corp.qunar.com%2Fpsp%2FHCMPRD%2FEMPLOYEE%2FHRMS%2Fh%2F%3Ftab%3DDEFAULT\" \"label\":\"%E4%B8%BB%E9%A1%B5\" \"origin\":\"PIA\"\"; PS_TOKEN=pwAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Acwg4AC4AMQAwABT9DWpP03W97OFD9r/q+eJZYKcO9mcAAAAFAFNkYXRhW3icHYsxDkBAAATnEKXCPwjH4QWiFFQa0UgkohG/8zib20lms8U+QBQGxqi/AJ/04hA7NzkXJy/xysBMMko9C5vmRG0pKOnI1M678rY61t6ORq6EpRUOfiRpDVM=; 
http%3a%2f%2fehr.corp.qunar.com%2fpsp%2fhcmprd%2femployee%2fhrms%2frefresh=list:%20%3Ftab%3Dhc_ux_manager_dashboard%7C%3Frp%3Dhc_ux_manager_dashboard%7C%3Ftab%3Dremoteunifieddashboard%...").
[]
(ejahttp@l-xxxx)10> yaws_api:parse_cookie("QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN243=72; QN25=82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90; _i=RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx; _vi=ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF; fid=fcefde0c-7d80-46ae-8969-49fe0b59d66f; QN271=e2b20f4a-bfb7-4bae-872a-c2f3ded45672; QN43=2; QN42=%E5%88%98%E5%B8%86; _q=U.esbnomd3156; _t=25530365; csrfToken=IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt; _s=s_UEMMZXWDWKMHGZ4Q4EQEJQT57M; _v=jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE; QN44=esbnomd3156; QunarGlobal=10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387; QN99=9494; QN269=4FD5EDB04DF011E8ACB5FA163E233FC1; PHPSESSID=j3rq22l8oim5id6ouvsdieev44; QN48=tc_61d7988bd35b650e_163205037a3_6157; q_ckey=dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==; l-pswebapp1-8000-PORTAL-PSJSESSIONID=-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716; ExpirePage=http://ehr.corp.qunar.com/psp/HCMPRD/; PS_LOGINLIST=http://ehr.corp.qunar.com/HCMPRD; PS_TOKENEXPIRE=03_May_2018_01:42:58_GMT; SignOnDefault=lffan.liu; HPTabName=DEFAULT; HPTabNameRemote=; LastActiveTab=DEFAULT; ps_theme=node:HRMS portal:EMPLOYEE theme_id:DEFAULT_THEME_TANGERINE_ALT css:DEFAULT_THEME_TANGERINE_ALT accessibility:N; PS_TOKEN=pwAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Acwg4AC4AMQAwABT9DWpP03W97OFD9r/q+eJZYKcO9mcAAAAFAFNkYXRhW3icHYsxDkBAAATnEKXCPwjH4QWiFFQa0UgkohG/8zib20lms8U+QBQGxqi/AJ/04hA7NzkXJy/xysBMMko9C5vmRG0pKOnI1M678rY61t6ORq6EpRUOfiRpDVM=; http%3a%2f%2fehr.corp.qunar.com%2fpsp%2fhcmprd%2femployee%2fhrms%2frefresh=list:%20%3Ftab%3Dhc_ux_manager_dashboard%7C%3Frp%3Dhc_ux_manager_dashboard%7C%3Ftab%3Dremoteunifieddashboard%...").
[]
(ejahttp@l-xxxx)11> yaws_api:parse_cookie("QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN243=72; QN25=82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90; _i=RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx; _vi=ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF; fid=fcefde0c-7d80-46ae-8969-49fe0b59d66f; QN271=e2b20f4a-bfb7-4bae-872a-c2f3ded45672; QN43=2; QN42=%E5%88%98%E5%B8%86; _q=U.esbnomd3156; _t=25530365; csrfToken=IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt; _s=s_UEMMZXWDWKMHGZ4Q4EQEJQT57M; _v=jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE; QN44=esbnomd3156; QunarGlobal=10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387; QN99=9494; QN269=4FD5EDB04DF011E8ACB5FA163E233FC1; PHPSESSID=j3rq22l8oim5id6ouvsdieev44; QN48=tc_61d7988bd35b650e_163205037a3_6157; q_ckey=dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==; l-pswebapp1-8000-PORTAL-PSJSESSIONID=-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716; ExpirePage=http://ehr.corp.qunar.com/psp/HCMPRD/; PS_LOGINLIST=http://ehr.corp.qunar.com/HCMPRD; PS_TOKENEXPIRE=03_May_2018_01:42:58_GMT; SignOnDefault=lffan.liu; HPTabName=DEFAULT; HPTabNameRemote=; LastActiveTab=DEFAULT; psback=\"\"url\":\"http%3A%2F%2Fehr.corp.qunar.com%2Fpsp%2FHCMPRD%2FEMPLOYEE%2FHRMS%2Fh%2F%3Ftab%3DDEFAULT\" \"label\":\"%E4%B8%BB%E9%A1%B5\" \"origin\":\"PIA\"\"; PS_TOKEN=pwAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Acwg4AC4AMQAwABT9DWpP03W97OFD9r/q+eJZYKcO9mcAAAAFAFNkYXRhW3icHYsxDkBAAATnEKXCPwjH4QWiFFQa0UgkohG/8zib20lms8U+QBQGxqi/AJ/04hA7NzkXJy/xysBMMko9C5vmRG0pKOnI1M678rY61t6ORq6EpRUOfiRpDVM=; http%3a%2f%2fehr.corp.qunar.com%2fpsp%2fhcmprd%2femployee%2fhrms%2frefresh=list:%20%3Ftab%3Dhc_ux_manager_dashboard%7C%3Frp%3Dhc_ux_manager_dashboard%7C%3Ftab%3Dremoteunifieddashboard%...").
[]
(ejahttp@l-xxxx)12> yaws_api:parse_cookie("QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN243=72; QN25=82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90; _i=RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx; _vi=ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF; fid=fcefde0c-7d80-46ae-8969-49fe0b59d66f; QN271=e2b20f4a-bfb7-4bae-872a-c2f3ded45672; QN43=2; QN42=%E5%88%98%E5%B8%86; _q=U.esbnomd3156; _t=25530365; csrfToken=IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt; _s=s_UEMMZXWDWKMHGZ4Q4EQEJQT57M; _v=jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE; QN44=esbnomd3156; QunarGlobal=10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387; QN99=9494; QN269=4FD5EDB04DF011E8ACB5FA163E233FC1; PHPSESSID=j3rq22l8oim5id6ouvsdieev44; QN48=tc_61d7988bd35b650e_163205037a3_6157; q_ckey=dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==; l-pswebapp1-8000-PORTAL-PSJSESSIONID=-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716; ExpirePage=http://ehr.corp.qunar.com/psp/HCMPRD/; PS_LOGINLIST=http://ehr.corp.qunar.com/HCMPRD; PS_TOKENEXPIRE=03_May_2018_01:42:58_GMT; SignOnDefault=lffan.liu; HPTabName=DEFAULT; HPTabNameRemote=; LastActiveTab=DEFAULT;  PS_TOKEN=pwAAAAQDAgEBAAAAvAIAAAAAAAAsAAAABABTaGRyAk4Acwg4AC4AMQAwABT9DWpP03W97OFD9r/q+eJZYKcO9mcAAAAFAFNkYXRhW3icHYsxDkBAAATnEKXCPwjH4QWiFFQa0UgkohG/8zib20lms8U+QBQGxqi/AJ/04hA7NzkXJy/xysBMMko9C5vmRG0pKOnI1M678rY61t6ORq6EpRUOfiRpDVM=; http%3a%2f%2fehr.corp.qunar.com%2fpsp%2fhcmprd%2femployee%2fhrms%2frefresh=list:%20%3Ftab%3Dhc_ux_manager_dashboard%7C%3Frp%3Dhc_ux_manager_dashboard%7C%3Ftab%3Dremoteunifieddashboard%...").
[{cookie,"qn1","dXrgjVrqaxEuvRe0H6YdAg==",false},
 {cookie,"qn243","72",false},
 {cookie,"qn25",
         "82a9a2a3-ec38-4e38-b78b-057fc5f9636e-9f992f90",false},
 {cookie,"_i","RBTKSwn6xd-VxgOw6_TO9N5Z3Fbx",false},
 {cookie,"_vi",
         "ErElzmjxsa0uV5FPi_r5xiFRQB5n1jAXTo3LqBKgRm5viZ0B_CC2wAcR0VBUO1QrTzS-tKzX1hEuq-13oO890mFd-3a_0uQWKgKUkOSR_DJYqguz1tyEKX9WEbmxme7zjkwWXXgqr_86YH0qMgn6PHSXwMGfuHoMZiaqScwGxSDF",
         false},
 {cookie,"fid","fcefde0c-7d80-46ae-8969-49fe0b59d66f",false},
 {cookie,"qn271","e2b20f4a-bfb7-4bae-872a-c2f3ded45672",
         false},
 {cookie,"qn43","2",false},
 {cookie,"qn42","%E5%88%98%E5%B8%86",false},
 {cookie,"_q","U.esbnomd3156",false},
 {cookie,"_t","25530365",false},
 {cookie,"csrftoken","IqYbdFNxPQnCZqVuPezzAyLuzzwnjyDt",
         false},
 {cookie,"_s","s_UEMMZXWDWKMHGZ4Q4EQEJQT57M",false},
 {cookie,"_v",
         "jXhrHX3dNwg8Bh6gz450ZKARqiXfyXJdR3M4VhSB9iT5PT0Fsi0LZtDNTlJDDt7ziT9EZWgR5BG95mC6g8vXsvC3L1L1jdmkPi_cWx9JXFi_67ndWrzqyUYE7iSfhpRfWjnVQRN1TRRv0upMqGHdFf8rLdnD5nDzxfgihMP7Y8QE",
         false},
 {cookie,"qn44","esbnomd3156",false},
 {cookie,"qunarglobal",
         "10.86.213.151_1e9d65bb_16320441ba4_119c|1525255516387",
         false},
 {cookie,"qn99","9494",false},
 {cookie,"qn269","4FD5EDB04DF011E8ACB5FA163E233FC1",false},
 {cookie,"phpsessid","j3rq22l8oim5id6ouvsdieev44",false},
 {cookie,"qn48","tc_61d7988bd35b650e_163205037a3_6157",false},
 {cookie,"q_ckey",
         "dT1lc2Jub21kMzE1NiZrPTlBM0U3RDE1OTc5MDM5NUE5QzU3MzM0MzYzNkI3QTY3JnQ9MTUyNTMxMjI3NDkwNg==",
         false},
 {cookie,"l-pswebapp1-8000-portal-psjsessionid",
         "-SIjqqbXNz_fN35Rb2gsDHHwVgELahB1!-820342716",false},
 {cookie,"expirepage",
         "http://ehr.corp.qunar.com/psp/HCMPRD/",false},
 {cookie,"ps_loginlist","http://ehr.corp.qunar.com/HCMPRD",
         false},
 {cookie,"ps_tokenexpire","03_May_2018_01:42:58_GMT",false},
 {cookie,"signondefault",[...],...},
 {cookie,[...],...},
 {cookie,...},
 {...}|...]
vinoski commented 6 years ago

According to RFC 6265, neither whitespace nor double quotes are allowed in cookie values:

 cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                   ; US-ASCII characters excluding CTLs,
                   ; whitespace DQUOTE, comma, semicolon,
                   ; and backslash

So, this is a case where if we follow the spec strictly, then cookies accepted by other looser parsers will be rejected (as in this case), but if we loosen our parser to allow such cookies, then others might encounter unexpected errors with their cookies because they expect strict parsing.

I'll try to see if there's a way we can add a parse_cookie variant that users can choose to call to perform less strict parsing.
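The trade-off described in the comment above, as an added example in Python (it is not Yaws's Erlang code and not the yaws_api:parse_cookie/1 implementation): a strict RFC 6265 parser that fails the whole header on one malformed pair, the way the issue reports, beside a variant that drops only the offending pairs and a browser-style lenient variant. The sample header is a constructed, shortened form of the one in the issue; the function names, the `split_pairs` helper and the lowercasing of cookie names are this example's own choices.

```python
"""Strict vs lenient parsing of an HTTP Cookie header (RFC 6265 section 4.1.1).

Added example; it is not Yaws code. It models the behaviour the issue
reports (a strict parser that returns [] for the whole header when any
pair is malformed) next to two alternatives.
"""
import re
from typing import List, Optional, Tuple

# cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# (US-ASCII minus CTLs, whitespace, DQUOTE, comma, semicolon, backslash)
COOKIE_OCTET = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*")
# cookie-name = token (RFC 2616: CHARs except CTLs and separators)
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

Pair = Tuple[str, str]


def is_cookie_value(value: str) -> bool:
    """cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return COOKIE_OCTET.fullmatch(value) is not None


def split_pairs(header: str) -> List[Tuple[str, Optional[str]]]:
    """Split on ';' and on the first '='. A chunk without '=' yields value None."""
    out: List[Tuple[str, Optional[str]]] = []
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        name, eq, value = chunk.partition("=")
        out.append((name.strip(), value.strip() if eq else None))
    return out


def parse_cookie_strict(header: str) -> List[Pair]:
    """All-or-nothing RFC 6265 parse: one bad pair and the header yields [].
    Names are lowercased to mirror the output shown in the issue."""
    result: List[Pair] = []
    for name, value in split_pairs(header):
        if value is None or not TOKEN.fullmatch(name) or not is_cookie_value(value):
            return []
        result.append((name.lower(), value))
    return result


def parse_cookie_drop_invalid(header: str) -> List[Pair]:
    """Strict per pair, but only the offending pairs are discarded."""
    return [(n.lower(), v) for n, v in split_pairs(header)
            if v is not None and TOKEN.fullmatch(n) and is_cookie_value(v)]


def parse_cookie_lenient(header: str) -> List[Pair]:
    """Browser-style: keep any pair whose name is non-empty and whose value
    contains no CTL; spaces and DQUOTEs inside the value are kept as data."""
    result: List[Pair] = []
    for name, value in split_pairs(header):
        if value is None or not name:
            continue
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            continue
        result.append((name.lower(), value))
    return result


# Constructed sample: a shortened form of the header in the issue, plus the
# two pairs whose values break the cookie-octet grammar (space, DQUOTE).
SAMPLE_OK = ("QN1=dXrgjVrqaxEuvRe0H6YdAg==; QN43=2; HPTabNameRemote=; "
             "PHPSESSID=j3rq22l8oim5id6ouvsdieev44")
SAMPLE_BAD = (SAMPLE_OK
              + "; ps_theme=node:HRMS portal:EMPLOYEE accessibility:N"
              + '; psback=""url":"http%3A%2F%2Fehr.corp.qunar.com%2F" "origin":"PIA""')


if __name__ == "__main__":
    for label, fn in (("strict", parse_cookie_strict),
                      ("drop_invalid", parse_cookie_drop_invalid),
                      ("lenient", parse_cookie_lenient)):
        print(f"{label:>12}: ok={len(fn(SAMPLE_OK))} bad={len(fn(SAMPLE_BAD))}")
```

Whichever variant a server exposes, the choice should be deliberate and consistent with whatever sits in front of it: a lenient parser that disagrees with a stricter proxy or WAF about where a value starts and ends is a parser differential, and a parser that silently drops pairs can drop a session or CSRF cookie, so a rejected pair is worth logging rather than failing quietly.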

memacs commented 6 years ago

Thanks for your help.