[
https://issues.apache.org/jira/browse/AXIS2C-1511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12971389#action_12971389
]
Ch Zhang commented on AXIS2C-1511:
----------------------------------
Here is the w3c.org standard:
http://www.w3.org/Protocols/rfc2109/rfc2109
6.3 Implementation Limits
Practical user agent implementations have limits on the number and
size of cookies that they can store. In general, user agents' cookie
support should have no fixed limits. They should strive to store as
many frequently-used cookies as possible. Furthermore, general-use
user agents should provide each of the following minimum capabilities
individually, although not necessarily simultaneously:
* at least 300 cookies
* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)
* at least 20 cookies per unique host or domain name
User agents created for specific purposes or for limited-capacity
devices should provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.
The information in a Set-Cookie response header must be retained in
its entirety. If for some reason there is inadequate space to store
the cookie, it must be discarded, not truncated.
Applications should use as few and as small cookies as possible, and
they should cope gracefully with the loss of a cookie.
Also reference ms implementations:
http://support.microsoft.com/kb/820129
> infinite loop when consuming a .NET ws with long header string (more than 512
> chars in a row).
> ----------------------------------------------------------------------------------------------
>
> Key: AXIS2C-1511
> URL: https://issues.apache.org/jira/browse/AXIS2C-1511
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Environment: RHEL Linux 4.3. Axis2/c 1.6.0
> Reporter: Ch Zhang
> Priority: Critical
>
> Here is the http headers from the response from the web service (get from
> tcpmon):
> HTTP/1.1 200 OK
> Date: Tue, 14 Dec 2010 18:47:17 GMT
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> X-AspNet-Version: 2.0.50727
> Set-Cookie:
> pabca=E1805E180758BC35D93575A3597546AFD230A7607FA5BAE50040E84E5D45EB45732A0F11E079EE9233258616347A96DA23EE87A42A999CE55679596A4C2E7505CEC45630684815FB399246F720B76DC12DC52D9AE57ECD329F1BD0D10F09B284280733B6C21213053E1E4E6974668B77B0EFE7FFFB39F51F4A4F02ED6C2BA46531BAF3412E667076A5D677A933D6FE9EDD37488867D7CD5D9E0FA205E62002BE3E0818427A07EE8A52A99DF0605DC9AF0C93A1610285E65CF59397F6A06959C48CB83268E2BDC3DA1578D1082F4578A9A4B594F58FB41596F108E5D486C2B1E9DBA3F9E;
> domain=somecompany.com; path=/; HttpOnly
> Cache-Control: private, max-age=0
> Content-Type: application/soap+xml; charset=utf-8
> Content-Length: 899
> Beause the header: "Set-Cookie" is too long (it has 516 chars), so pasring
> this line in "core/transport/http/sender/http_client.c" line 623(see below),
> axis2/c enters an infinite loop because it cannot find the end of line. The
> client never finishes because of this infinite loop.
> /* now read the headers */
> memset(str_header, 0, 512);
> end_of_line = AXIS2_FALSE;
> while (AXIS2_FALSE == end_of_headers)
> {
> while ((read = axutil_stream_read(client->data_stream, env, tmp_buf,
> 1)) > 0)
> {
> tmp_buf[read] = '\0';
> strcat(str_header, tmp_buf);
> if (0 != strstr(str_header, AXIS2_HTTP_CRLF)) /* !!! never true
> !!!*/
> {
> end_of_line = AXIS2_TRUE;
> break;
> }
> }
> if (AXIS2_TRUE == end_of_line)
> {
> if (0 == axutil_strcmp(str_header, AXIS2_HTTP_CRLF))
> {
> end_of_headers = AXIS2_TRUE;
> }
> else
> {
> axis2_http_header_t *tmp_header =
> axis2_http_header_create_by_str(env, str_header);
> memset(str_header, 0, 512);
> if (tmp_header)
> {
> axis2_http_simple_response_set_header(client->response,
> env, tmp_header);
> }
> }
> }
> end_of_line = AXIS2_FALSE;
> }
> axis2_http_simple_response_set_body_stream(client->response, env,
> client->data_stream);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
