rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
* Cookie Handling [rack/rack GH-8]
From: Christian Neukirchen @ 2009-12-02 13:13 UTC (permalink / raw)
  To: rack-devel

mhat sent you a message.

--------------------
Rack appears to incorrectly handle cookies with values that are
quoted-strings. RFC2109 states that a value is a word and a word may be either
a token or a quoted-string. Rack is handling quoted-string values as
if they were tokens. Naturally this causes some problems.

It looks like the issue stems from the fact that Rack::Request#cookies
uses Rack::Utils.parse_query. What parse_query does makes sense for
parameters, but I think it is incorrect for cookie values.

If I have a cookie like so:
POST /acme/shipping HTTP/1.1
Cookie: $Version="1";
   Customer="WILE_E_COYOTE"; $Path="/acme";
   Part_Number="Rocket_Launcher_0001"; $Path="/acme"

The Ruby String value for key Customer should be "WILE_E_COYOTE"
rather than "\"WILE_E_COYOTE\"".

You can imagine how this handling of quoted strings leads to
interoperability problems with other application stacks.

View this Issue online: http://github.com/rack/rack/issues#issue/8
--------------------
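
The difference the report describes, as an added Ruby example (not Rack's code and not the fix that was pushed): a split that treats every value as a token, next to a reader that accepts a token or a quoted-string. The names naive_parse and parse_cookie_header and the simplified TOKEN pattern are assumptions made for this illustration.

```ruby
require 'strscan'

# Added illustration; not Rack's code. Header text is the one from the report.
REPORT_HEADER = <<~'HDR'
  $Version="1";
     Customer="WILE_E_COYOTE"; $Path="/acme";
     Part_Number="Rocket_Launcher_0001"; $Path="/acme"
HDR

TOKEN  = /[^\s;,="]+/            # simplified RFC 2109 token
QUOTED = /"((?:[^"\\]|\\.)*)"/   # quoted-string with backslash escapes

# Treats every value as a token: split on ';' and '=' with no unquoting.
def naive_parse(header)
  header.split(/;\s*/).each_with_object({}) do |pair, out|
    name, value = pair.strip.split('=', 2)
    out[name] = value.to_s
  end
end

# Hypothetical helper: reads each value as a token or a quoted-string.
def parse_cookie_header(header)
  s = StringScanner.new(header)
  cookies = {}
  until s.eos?
    s.skip(/[\s;,]+/)                      # separators and folded whitespace
    name = s.scan(TOKEN) or break          # stop at end or on malformed input
    next unless s.skip(/\s*=\s*/)          # bare name without a value
    value = if s.scan(QUOTED)
              s[1].gsub(/\\(.)/, '\1')     # drop quotes, resolve \" and \\
            else
              s.scan(TOKEN).to_s           # plain token (may be empty)
            end
    next if name.start_with?('$')          # $Version/$Path are attributes
    cookies[name] = value unless cookies.key?(name)  # first occurrence wins
  end
  cookies
end

puts parse_cookie_header(REPORT_HEADER).inspect
puts naive_parse(REPORT_HEADER)['Customer'].inspect
```

A constructed value such as note="a;b=c" shows a second difference: the naive split breaks it into two cookies, while the quoted-string reader keeps it as one value.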


* Re: Cookie Handling [rack/rack GH-8]
From: Scytrin dai Kinthra @ 2009-12-02 17:19 UTC (permalink / raw)
  To: rack-devel


I can see about fixing this today if no one else is claiming it.
--
stadik.net


* Re: Cookie Handling [rack/rack GH-8]
From: Scytrin dai Kinthra @ 2009-12-03 23:56 UTC (permalink / raw)
  To: rack-devel


Fixed, and pushed. Josh, you may want to add a few more tests or adjust the
code as you've done the latest tweaking on #parse_query

--
stadik.net

On Dec 2, 2009 9:19 AM, "Scytrin dai Kinthra" <scytrin@gmail.com> wrote:

I can see about fixing this today if no one else is claiming it.
--
stadik.net

> > On Dec 2, 2009 5:14 AM, "Christian Neukirchen" <chneukirchen@gmail.com>
wrote: > > mhat sent yo...


* Re: Cookie Handling [rack/rack GH-8]
From: Joshua Peek @ 2009-12-04  1:21 UTC (permalink / raw)
  To: rack-devel

Looks good.

On Thu, Dec 3, 2009 at 5:56 PM, Scytrin dai Kinthra <scytrin@gmail.com> wrote:
> Fixed, and pushed. Josh, you may want to add a few more tests or adjust the
> code as you've done the latest tweaking on #parse_query
>
> --
> stadik.net
>
> On Dec 2, 2009 9:19 AM, "Scytrin dai Kinthra" <scytrin@gmail.com> wrote:
>
> I can see about fixing this today if no one else is claiming it.
> --
> stadik.net
>
>> > On Dec 2, 2009 5:14 AM, "Christian Neukirchen" <chneukirchen@gmail.com>
>> > wrote: > > mhat sent yo...



-- 
Joshua Peek
