Malformed Cookies and WO
- Subject: Malformed Cookies and WO
- From: Dov Rosenberg <email@hidden>
- Date: Thu, 10 Feb 2011 12:14:30 -0800
- Acceptlanguage: en-US
- Thread-topic: Malformed Cookies and WO
We came across a strange issue that took a bit to figure out, but I thought it would be worthwhile to let everyone else know what happened.
Problem
Some users were having trouble saving a form (WOComponent based) intermittently. Normally these kinds of problems are nearly impossible to figure out unless you get lucky. We got lucky.
Root Cause
Looking through the log files we saw a handful of error messages that looked like:
410901380 [http-8228-Processor2] WARN er.extensions.appserver.ERXRequest - java.lang.IllegalStateException: Malformed cookie content:
The default OOTB behavior of WebObjects is to throw an exception when a malformed cookie is detected in the HTTP Request. This disrupts the normal HTTP request/response loop which played hell with our WOComponent.
The malformed cookie was being set by another web site in their domain that was using Google Analytics. Not sure what the problem was with the cookie – saw one that URL encoded 4 times over and another with a null value.
Solution
Thankfully the WO folks realized that throwing an exception while processing cookies (the default behavior) might be a bad thing, so they added an initialization parameter to change the default behavior to something more sensible. By setting WOAcceptMalformedCookies=true all cookies will be accepted, but the malformed ones will be dropped and not processed. After changing the default behavior our app stopped misbehaving.
Not sure if changing the default behavior is a good thing from a security perspective but it did resolve the error for us. Anyone have any thoughts on the impact of this change?
Dov Rosenberg
InQuira
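As an added illustration (not WebObjects code and not from the post above): a minimal Cookie-header parser that contrasts the two policies the post describes, failing the whole request on the first malformed name=value pair versus dropping only that pair and keeping the rest. The validity rule (RFC 6265 token names and cookie-octet values) and the sample header are assumptions constructed for the demo.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Standalone demo of strict vs lenient cookie handling; not the WO parser.
public class CookiePolicyDemo {

    // Assumed rule: cookie-name must be an RFC 6265 token.
    static boolean isValidName(String name) {
        return !name.isEmpty() && name.matches("[A-Za-z0-9!#$%&'*+\\-.^_`|~]+");
    }

    // Assumed rule: cookie-value must consist only of RFC 6265 cookie-octets
    // (no whitespace, control chars, DQUOTE, comma, semicolon or backslash).
    static boolean isValidValue(String value) {
        return value.matches("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    }

    // acceptMalformed=false mirrors the default behaviour described in the post:
    // one bad pair aborts processing of the whole header. acceptMalformed=true
    // mirrors WOAcceptMalformedCookies=true: the bad pair is dropped, the rest kept.
    static Map<String, String> parse(String header, boolean acceptMalformed) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String pair : header.split(";")) {
            String trimmed = pair.trim();
            if (trimmed.isEmpty()) continue;
            int eq = trimmed.indexOf('=');
            boolean ok = eq > 0;                       // a pair with no '=' has a null value
            String name = ok ? trimmed.substring(0, eq).trim() : trimmed;
            String value = ok ? trimmed.substring(eq + 1).trim() : null;
            if (ok) ok = isValidName(name) && isValidValue(value);
            if (!ok) {
                if (!acceptMalformed) {
                    throw new IllegalStateException("Malformed cookie content: " + trimmed);
                }
                continue;                              // lenient: skip only this pair
            }
            cookies.put(name, value);
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed header: two good cookies, one pair with a null value (no '='),
        // and one third-party cookie whose value contains a comma and a space.
        String header = "wosid=abc123; __utmz; __utma=1.2, 3; theme=dark";
        System.out.println("lenient: " + parse(header, true));
        try {
            parse(header, false);
        } catch (IllegalStateException e) {
            System.out.println("strict mode rejected the request: " + e.getMessage());
        }
    }
}
```

In lenient mode only the session and theme cookies survive, so the application still sees its own cookies even when a tracker on the same domain sets garbage; in strict mode the request never reaches the component at all, which is the intermittent save failure the post describes.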