PDA

View Full Version : BUG: cWebHttpHandler - Cookies.



seanyboy
2-Nov-2018, 06:06 AM
cWebHttpHandler doesn't seem to handle cookies correctly.
Digging deeper, it does not allow you to create multiple response headers with the same name.

Mike Peat
2-Nov-2018, 07:41 AM
Sean

From the spec: "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded." (from: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2) - so from that I'd say there should never be a need to have multiple response headers with the same name - you should always be able combine them into one with multiple values.

What is it you are trying to do?

Mike

starzen
2-Nov-2018, 07:42 AM
Sean

From the spec: "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded." (from: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2) - so from that I'd say there should never be a need to have multiple response headers with the same name - you should always be able combine them into one with multiple values.

What is it you are trying to do?

Mike

you can combine them most times but not if you need to have multiple cookies with expiration dates

Mike Peat
2-Nov-2018, 07:43 AM
Ah! :(

Harm Wibier
6-Nov-2018, 10:02 AM
I was not aware of sending the same header multiple times being supported.

Can you post an example of what you are doing? Are you using SetCookie?

starzen
6-Nov-2018, 10:14 AM
I was not aware of sending the same header multiple times being supported.

Can you post an example of what you are doing? Are you using SetCookie?

there are a number of headers were sending multiple is supported and sometimes even required

cookies with expiration are one example but really it boils down to the use of a comma which conflicts with the comma used in single line header declarations.

this is why the standard allows the declaration of multiples of the same header

seanyboy
7-Nov-2018, 06:32 AM
>I was not aware of sending the same header multiple times being supported.
>Can you post an example of what you are doing? Are you using SetCookie?

I am trying to set & request cookies using a cWebHttpHandler.

SetCookie doesn't work either.



Get psRequestQueryString to sValue

Send AddHttpResponseHeader "Content-Type" "text/html; charset=utf-8"
//Send AddHttpResponseHeader "set-cookie" "sessionid=38afes7a8; HttpOnly; Path=/"
//Send AddHttpResponseHeader "set-cookie" "test=this is a test; HttpOnly; Path=/"

Send SetCookie "sessionid" "38afes7a8"
Send SetCookie "test" "this is a test"

Harm Wibier
8-Nov-2018, 04:10 PM
Thanks! We will make sure this gets fixed for the next build...