Closed GoogleCodeExporter closed 9 years ago
In issue #8 I pointed out that I can set a cookie such as the one you describe,
and read it back without issue. However, I am setting it from the client side
through my own code where I know it is being encoded properly. I believe this
issue points to a lack of proper encoding of the cookie from your server.
That said, I do see how I can adapt to such a thing to be more flexible.
Original comment by auldrid...@gmail.com
on 16 Jul 2010 at 1:49
Thnks for the speedy reply.
I looked at the RFCs on this, and I believe this is legitimate cookie content.
I think the only rule with special characters (like equals) is that they must
be quoted, not escaped. That's per RFC2965 sec 3.1 and RFC 2068 sec 2.2. I'd
expect the browser to remove the quotes, so I don't think that's an issue for
your code.
Original comment by wpie...@gmail.com
on 16 Jul 2010 at 8:12
Thanks for the good info.
My testing shows that sending with a double quote wrapped string results in the
double quotes being included in the written cooke value and encoded.
So this line of code
{{{
setcookie( 'test1', '"test2=test3"');
}}}
results in this cookie in the document.cookie string:
test1=%22test2%3Dtest3%22
It seems to me like I should only allow for anything in the value to return IF
I see that the value is wrapped in double quotes after decoding. That said,
I'm not being strict in following the RFC as it is, because I'm not enforcing
that the name of the cookie be a token. I will probably take your initial
advice on how to fix this, but I want to think about the RFCs some more and
decide whether I should get strict or not.
Original comment by auldrid...@gmail.com
on 16 Jul 2010 at 8:31
Issue 32 has been merged into this issue.
Original comment by auldrid...@gmail.com
on 10 Nov 2010 at 1:52
I just want to note that Facebook's authentication mechanism uses a cookie with
name=value strings. And I had to stop using this otherwise great jQuery plugin
because of this issue with Facebook. So this is not a little issue that only a
few people will ever experience...
I recognize that Facebook may not be dealing with cookies properly, so maybe
there should be a getRawCookie type of method?
Original comment by scott%gi...@gtempaccount.com
on 10 Nov 2010 at 2:51
Ok, so somehow there are big issues between what I am working with locally, and
what comes from some servers.
I have commit a change in r75 which no longer assumes that split on = produces
only two values.
Can anyone on this thread give it a test in areas where you once had problems?
I have never been able to reproduce it, and all my test cases have always
passed (and still do after this change).
Thanks,
Jim
Original comment by auldrid...@gmail.com
on 10 Nov 2010 at 10:59
Original comment by auldrid...@gmail.com
on 10 Nov 2010 at 11:38
bump... please read and respond to comment 6...
Original comment by auldrid...@gmail.com
on 27 Jan 2011 at 4:34
considering fixed in r75 unless comments I requested in comment 8 say otherwise
Original comment by auldrid...@gmail.com
on 27 Jan 2011 at 5:16
Hi! This was for a prototype, and I archived all of that code long ago. But the
way I would test this:
From the server, send a cookie of the form
cookiename=key1=val1&key2=val2&key3=val3
On the client, get the cookie value and make sure it contains the whole string
rather than just "key1", which is what it was returning before.
Like Scott, my issue was with Facebook, so if you're looking for a real-world
example, I'd try that.
Original comment by wpie...@gmail.com
on 27 Jan 2011 at 6:25
Ok, I used your example as I don't see anything in my own FB cookies which
looks like that. It now works as you were originally expecting, so I consider
this fixed.
Thanks!
Jim
Original comment by auldrid...@gmail.com
on 27 Jan 2011 at 7:28
Original comment by auldrid...@gmail.com
on 27 Jan 2011 at 7:28
Great! My hazy recollection is that it happened to me during the process of
authenticating a Facebook app.
If you just need more real-world examples, though, you can do something like
cut -f 7 FIREFOX_PROFILE_DIRECTORY/cookies.txt | grep =
I get more than a hundred matches.
Original comment by wpie...@gmail.com
on 27 Jan 2011 at 9:09
Original issue reported on code.google.com by
wpie...@gmail.com
on 14 Jul 2010 at 10:07