multiple cookies in a single response

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

multiple cookies in a single response

Dick Heijink
Hello list,

I am new to this list, so please excuse me if this is not the appropriate place for my question.
We're developing a web application using the Hyper Server. We ran into some problems when we tried to set multiple cookies in a single response. Although Hyper 'correctly' implements the RFC that states that multiple cookies should be comma separated into a single Set-Cookie field, most browsers have different ideas about this.
See http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies for more information on browsers and their cookie behavior.
Contrary to what the RFC states, all browsers accept multiple Set-Cookie headers in a response. I've implemented this behavior in Hyper by changing the valueAsStringOn instance method in the HyHTTPSetCookie class.

valuesAsStringOn: aStream
    aStream nextPutAll: (self cookies at: 1).
    2
        to: self cookies size
        do:
            [:cookieIndex |
            aStream
                crlf;
                nextPutAll: self name;
                nextPutAll: ': ';
                nextPutAll: (self cookies at: cookieIndex)].
    ^self

Has anybody else experienced problems using multiple cookies in a single response?

Dick Heijink

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: multiple cookies in a single response

Bruce Badger
Dick,

Firstly, this list is absolutely the right place for such questions.

I confess that I don't use cookies at all, so I can't say that I have
run into the problem you see.

Thank you very much for bringing this up.   May I include you code in
future versions of Hyper under the LGPL?   I will credit you, of
course.   I'll have a look at the link you gave and run some tests.

Many thanks,
    Bruce


On 18 March 2010 10:09, Dick Heijink <[hidden email]> wrote:

> Hello list,
>
> I am new to this list, so please excuse me if this is not the appropriate
> place for my question.
> We're developing a web application using the Hyper Server. We ran into some
> problems when we tried to set multiple cookies in a single response.
> Although Hyper 'correctly' implements the RFC that states that multiple
> cookies should be comma separated into a single Set-Cookie field, most
> browsers have different ideas about this.
> See
> http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
> for more information on browsers and their cookie behavior.
> Contrary to what the RFC states, all browsers accept multiple Set-Cookie
> headers in a response. I've implemented this behavior in Hyper by changing
> the valueAsStringOn instance method in the HyHTTPSetCookie class.
>
> valuesAsStringOn: aStream
>     aStream nextPutAll: (self cookies at: 1).
>     2
>         to: self cookies size
>         do:
>             [:cookieIndex |
>             aStream
>                 crlf;
>                 nextPutAll: self name;
>                 nextPutAll: ': ';
>                 nextPutAll: (self cookies at: cookieIndex)].
>     ^self
>
> Has anybody else experienced problems using multiple cookies in a single
> response?
>
> Dick Heijink
>
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Swazoo-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/swazoo-devel
>
>



--
Make the most of your skills - with OpenSkills
http://www.openskills.org/

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: multiple cookies in a single response

Dick Heijink
Thank you for quick response, Bruce.

Please feel free to adapt the code to suit your needs/coding practices.

Dick Heijink

2010/3/18 Bruce Badger <[hidden email]>
Dick,

Firstly, this list is absolutely the right place for such questions.

I confess that I don't use cookies at all, so I can't say that I have
run into the problem you see.

Thank you very much for bringing this up.   May I include you code in
future versions of Hyper under the LGPL?   I will credit you, of
course.   I'll have a look at the link you gave and run some tests.

Many thanks,
   Bruce


On 18 March 2010 10:09, Dick Heijink <[hidden email]> wrote:
> Hello list,
>
> I am new to this list, so please excuse me if this is not the appropriate
> place for my question.
> We're developing a web application using the Hyper Server. We ran into some
> problems when we tried to set multiple cookies in a single response.
> Although Hyper 'correctly' implements the RFC that states that multiple
> cookies should be comma separated into a single Set-Cookie field, most
> browsers have different ideas about this.
> See
> http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
> for more information on browsers and their cookie behavior.
> Contrary to what the RFC states, all browsers accept multiple Set-Cookie
> headers in a response. I've implemented this behavior in Hyper by changing
> the valueAsStringOn instance method in the HyHTTPSetCookie class.
>
> valuesAsStringOn: aStream
>     aStream nextPutAll: (self cookies at: 1).
>     2
>         to: self cookies size
>         do:
>             [:cookieIndex |
>             aStream
>                 crlf;
>                 nextPutAll: self name;
>                 nextPutAll: ': ';
>                 nextPutAll: (self cookies at: cookieIndex)].
>     ^self
>
> Has anybody else experienced problems using multiple cookies in a single
> response?
>
> Dick Heijink
>
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Swazoo-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/swazoo-devel
>
>



--
Make the most of your skills - with OpenSkills
http://www.openskills.org/

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: multiple cookies in a single response

Philippe Marschall
In reply to this post by Dick Heijink
2010/3/18 Dick Heijink <[hidden email]>:

> Hello list,
>
> I am new to this list, so please excuse me if this is not the appropriate
> place for my question.
> We're developing a web application using the Hyper Server. We ran into some
> problems when we tried to set multiple cookies in a single response.
> Although Hyper 'correctly' implements the RFC that states that multiple
> cookies should be comma separated into a single Set-Cookie field, most
> browsers have different ideas about this.
> See
> http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
> for more information on browsers and their cookie behavior.
> Contrary to what the RFC states, all browsers accept multiple Set-Cookie
> headers in a response. I've implemented this behavior in Hyper by changing
> the valueAsStringOn instance method in the HyHTTPSetCookie class.
>
> valuesAsStringOn: aStream
>     aStream nextPutAll: (self cookies at: 1).
>     2
>         to: self cookies size
>         do:
>             [:cookieIndex |
>             aStream
>                 crlf;
>                 nextPutAll: self name;
>                 nextPutAll: ': ';
>                 nextPutAll: (self cookies at: cookieIndex)].
>     ^self
>
> Has anybody else experienced problems using multiple cookies in a single
> response?

Yes we (Seaside) did and reported it here. We were told that this is a
bug in browsers (which we agree on) so there's no need to fix it in
Swazoo (which we disagree on).

Seaside hacks around it with a custom cookie header class.

Cheers
Philippe

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel
Reply | Threaded
Open this post in threaded view
|

Re: multiple cookies in a single response

Bruce Badger
Phileppe,

On 18 March 2010 11:29, Philippe Marschall <[hidden email]> wrote:
> Yes we (Seaside) did and reported it here. We were told that this is a
> bug in browsers (which we agree on) so there's no need to fix it in
> Swazoo (which we disagree on).

Well, I'll be fixing this in Hyper.  :-)

--
Make the most of your skills - with OpenSkills
http://www.openskills.org/

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Swazoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/swazoo-devel