Yes, that is the correct BZ issue. It was decided that TC would quote cookie values containing special characters, even for v0 cookies. The thought was that browsers would likely understand the quoted value and handle it correctly. It seems that Entrust thought the same thing, and they came up with their nasty little hack to quote the value. You will have to take it up with Entrust and get them to stop trying to quote the cookie value themselves.
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi everyone! First, thanks for reading this. Here is the situation: Entrust (a provider of security solutions) offers Java-based security applications for enterprises. Their installer installs an own Java virtual machine for each application as well as an own Tomcat (v 5.5.17) As we are already running some self-developed servlets, we wish to extract the server application and run it with our own JVM (6u1) and Tomcat (6.0.10). That's what we did: the servlets are up and running. But we are apparently facing a problem regarding the cookie's value. When I am running the ISAPI redirector in DEBUG mode, I get this: [Fri May 04 17:59:08 2007] [1308:1988] [debug] jk_ajp_common.c (684): Header[3] [Set-Cookie] = [EntrustTruePassID="\"7.0|Y249U[...]PUx1ZnRoYW5zYSwgYz1kZQ==|1|2007-05-04 15:59:08 UTC|1200|50|-61|Qx2M2Q==|[...]3VmobNkg8j46JaoSkgMCTU=\""; Domain=.blabla.com; Path=/; Secure] The cookie's value is twice double quoted -> the inner double quotes have been backslashed. On a test server, with the native install of this application, the same log entry looks like this: [Fri May 04 15:57:29 2007] [1884:3676] [debug] jk_ajp_common.c (684): Header[3] [Set-Cookie] = [EntrustTruePassID="7.[...]fDs==|1|2007-05-04 13:57:29 UTC|1200|50|0|Qx2M2Q==|[..]/d5wFNo145sdCJHdGXkayL8v3RFTSv2VT5Wvd6zixINFvHywI55zeDJq8len0="; domain=.blabla.com; path=/; secure] Because the cookie's value has been changed, the authentication process fails: Fri May 04 17:59:09 2007 - WARNING - [SessionValidationImpl::checkAuthentication()] - Auth cookie: Reporting Error: TruePass: TPAuthCookie - Could not create the cookie using the cookie string Line number: 253 File name: AuthCookie.cpp caused by TruePass: TPAuthCookie - Could not validate the authentication cookie Line number: 976 File name: AuthCookie.cpp caused by TruePass: TPAuthCookie - The authentication cookie string is improperly formatted Line number: 763 File name: AuthCookie.cpp Before I give up, I would like to ask the specialists, if I am missing any point here ;) I read some posts about v0 cookies values problems (http://issues.apache.org/bugzilla/show_bug.cgi?id=36863) and I am wondering if it may also be a Tomcat problem here. Tanks a lot for your time Best regards Valéry. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
