Loading ...
Sorry, an error occurred while loading the content.

Apache::Cookie seems to read different Cookie than CGI

Expand Messages
  • dan.horne@apn.co.nz
    Hi All I have to read a domain cookie set by a ColdFusion Web Server on a different host. CF sets a cookie value like user@domain.com|2004-10-22
    Message 1 of 4 , Oct 21, 2004
    • 0 Attachment

      Hi All

      I have to read a domain cookie set by a ColdFusion Web Server on a different host. CF sets a cookie value like

      user@...|2004-10-22 16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

      I can read this cookie with CGI.pm, and it seems to identical. When I try to get the same cookie value using Apache::Cookie, it gets returned as

      user@...|2004-10-22+16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

      Note the '+' between the date and time. Unfortunately, this breaks everything, as I need the first two pipe delimited values to hash to the third value (using a key in addition to this). Does anyone know why this would happen, and if there is a workaround?

      Regards

      Dan

      ********************************************************************************
      NOTICE
      This email and any attachments are confidential. They may contain privileged
      information or copyright material. If you are not an intended recipient, you
      should not read, copy, use or disclose the contents without authorisation as
      we request you contact us as once by return email. Please then delete the
      email and any attachments from your system. We do not accept liability in
      connection with computer viruses, data corruption, delay, interruption,
      unauthorised access or unauthorised amendment. Any views expressed in this
      email and any attachments do not necessarily reflect the views of the
      company.
      ********************************************************************************
    • dan.horne@apn.co.nz
      Thanks Ian It occurred to me after I send the original email that the space may be escaped with a +. It s not clear to me whether spaces are permitted in
      Message 2 of 4 , Oct 21, 2004
      • 0 Attachment

        Thanks Ian

        It occurred to me after I send the original email that the space may be escaped with a +. It's not clear to me whether spaces are permitted in cookie values - I found different web pages that seemed to contradict each other. Resorting to the regex replace works - and I'm happy with the workaround as long as the + is a result of escaping and nothing else. The weird thing is, if I set what seems to be the same Cookie with CGI, then Apache::Cookie reads it correctly.

        All the best

        Dan




        idstewart <idstewart@...>

        22/10/2004 17:19

               
                To:        dan.horne@...
                cc:        modperl@...
                Subject:        Re: Apache::Cookie seems to read different Cookie than CGI



        dan.horne@... wrote:

        Hi All


        I have to read a domain cookie set by a ColdFusion Web Server on a different host. CF sets a cookie value like


        user@...|2004-10-22 16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

        I can read this cookie with CGI.pm, and it seems to identical. When I try to get the same cookie value using Apache::Cookie, it gets returned as


        user@...|2004-10-22+16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

        Note the '+' between the date and time. Unfortunately, this breaks everything, as I need the first two pipe delimited values to hash to the third value (using a key in addition to this). Does anyone know why this would happen, and if there is a workaround?

        If I were to hazard a guess, I would say that Apache::Cookie is URL encoding the cookie.  If you URL decode the value returned from Apache::Cookie, you should get the same value that is being reported by CGI.pm and Cold Fusion.

        As a poor man's URL decode, you could try something like:

           $cookie =~ s/+/ /g;

        This will replace the '+' with a space in the value returned by Apache::Cookie and leave the value returned by CGI.pm unaffected.


        HTH.
        Ian




        ********************************************************************************
        NOTICE
        This email and any attachments are confidential. They may contain privileged
        information or copyright material. If you are not an intended recipient, you
        should not read, copy, use or disclose the contents without authorisation as
        we request you contact us as once by return email. Please then delete the
        email and any attachments from your system. We do not accept liability in
        connection with computer viruses, data corruption, delay, interruption,
        unauthorised access or unauthorised amendment. Any views expressed in this
        email and any attachments do not necessarily reflect the views of the
        company.
        ********************************************************************************
      • idstewart
        ... If I were to hazard a guess, I would say that Apache::Cookie is URL encoding the cookie. If you URL decode the value returned from Apache::Cookie, you
        Message 3 of 4 , Oct 21, 2004
        • 0 Attachment
          dan.horne@... wrote:

          Hi All

          I have to read a domain cookie set by a ColdFusion Web Server on a different host. CF sets a cookie value like

          user@...|2004-10-22 16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

          I can read this cookie with CGI.pm, and it seems to identical. When I try to get the same cookie value using Apache::Cookie, it gets returned as

          user@...|2004-10-22+16:16:41|70DC39BB99CB4CB826E3F30AA25D97FE

          Note the '+' between the date and time. Unfortunately, this breaks everything, as I need the first two pipe delimited values to hash to the third value (using a key in addition to this). Does anyone know why this would happen, and if there is a workaround?
          If I were to hazard a guess, I would say that Apache::Cookie is URL encoding the cookie.  If you URL decode the value returned from Apache::Cookie, you should get the same value that is being reported by CGI.pm and Cold Fusion.

          As a poor man's URL decode, you could try something like:

              $cookie =~ s/+/ /g;

          This will replace the '+' with a space in the value returned by Apache::Cookie and leave the value returned by CGI.pm unaffected.


          HTH.
          Ian
        • Joe Schaefer
          ... The Netscape Cookie spec does not allow space chars in the raw cookie (ie the NAME=VALUE portion of the Cookie header). Here is the spec link:
          Message 4 of 4 , Oct 21, 2004
          • 0 Attachment
            dan.horne@... writes:

            > Thanks Ian
            >
            > It occurred to me after I send the original email that the space may
            > be escaped with a +. It's not clear to me whether spaces are permitted
            > in cookie values

            The Netscape Cookie spec does not allow space chars in the raw
            cookie (ie the NAME=VALUE portion of the "Cookie" header). Here
            is the spec link:

            http://wp.netscape.com/newsref/std/cookie_spec.html

            However I suspect the space doesn't appear in the actual cookie
            header- it's probably a "+" there.

            > The weird thing is, if I set what seems to be the same Cookie
            > with CGI, then Apache::Cookie reads it correctly.

            IIRC CGI will url-encode the " " as %20, so neither " " nor "+"
            will appear in the actual Cookie header. Apache::Cookie is probably
            not translating the "+" character into a " ". Which version of
            Apache::Cookie are you using?

            --
            Joe Schaefer


            --
            Report problems: http://perl.apache.org/bugs/
            Mail list info: http://perl.apache.org/maillist/modperl.html
            List etiquette: http://perl.apache.org/maillist/email-etiquette.html
          Your message has been successfully submitted and would be delivered to recipients shortly.