Cookie's value and double quotes with tomcat 6.0.10

Mon, 07 May 2007 04:01:43 -0700 

Hi everyone!

First, thanks for reading this.

Here is the situation: 

Entrust (a provider of security solutions) offers Java-based security 
applications for enterprises. 
Their installer installs an own Java virtual machine for each application as 
well as an own Tomcat (v 5.5.17)

As we are already running some self-developed servlets, 
we wish to extract the server application and run it with our own JVM (6u1) and 
Tomcat (6.0.10).
That's what we did: the servlets are up and running. 

But we are apparently facing a problem regarding the cookie's value.
When I am running the ISAPI redirector in DEBUG mode, I get this:

[Fri May 04 17:59:08 2007] [1308:1988] [debug] jk_ajp_common.c (684): Header[3] 
[Set-Cookie] = 
[EntrustTruePassID="\"7.0|Y249U[...]PUx1ZnRoYW5zYSwgYz1kZQ==|1|2007-05-04 
15:59:08 UTC|1200|50|-61|Qx2M2Q==|[...]3VmobNkg8j46JaoSkgMCTU=\""; 
Domain=.blabla.com; Path=/; Secure]

The cookie's value is twice double quoted -> the inner double quotes have been 
backslashed.
On a test server, with the native install of this application, the same log 
entry looks like this:

[Fri May 04 15:57:29 2007] [1884:3676] [debug] jk_ajp_common.c (684): Header[3] 
[Set-Cookie] = [EntrustTruePassID="7.[...]fDs==|1|2007-05-04 13:57:29 
UTC|1200|50|0|Qx2M2Q==|[..]/d5wFNo145sdCJHdGXkayL8v3RFTSv2VT5Wvd6zixINFvHywI55zeDJq8len0=";
 domain=.blabla.com; path=/; secure]

Because the cookie's value has been changed, the authentication process fails:

Fri May 04 17:59:09 2007 - WARNING       - 
[SessionValidationImpl::checkAuthentication()] - Auth cookie: Reporting Error:
TruePass: TPAuthCookie - Could not create the cookie using the cookie string
                Line number: 253
                File name: AuthCookie.cpp
        caused by TruePass: TPAuthCookie - Could not validate the 
authentication cookie
                Line number: 976
                File name: AuthCookie.cpp
        caused by TruePass: TPAuthCookie - The authentication cookie string is 
improperly formatted
                Line number: 763
                File name: AuthCookie.cpp


Before I give up, I would like to ask the specialists, if I am missing any 
point here ;)
I read some posts about v0 cookies values problems 
(http://issues.apache.org/bugzilla/show_bug.cgi?id=36863) 
and I am wondering if it may also be a Tomcat problem here.

Tanks a lot for your time
Best regards

Valéry.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to