Missing '=' in cookie

Missing '=' in cookie

tony p-2
Hi folks,

I’m seeing “Missing '=' in cookie” error messages in an Active4D log.  There are a lot of them (although it might only be a small number of users) so I am concerned that some users are effectively being locked out of the web site by the error.  It’s A4D v6.1r13, but I don’t see anything in the v6.1r14 release notes.

[error] server: missing '=' in cookie: /Users/aparajita/Development/Projects/4D_Plugins/v11/Active4D-v11/src/support/server.cpp, line 2808, parseCookies

Does A4D clear the cookie on this error?

Tony Pollard
Another Dimension



_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/

Re: Missing '=' in cookie

Aparajita Fishman
In the case of this error, the cookie is not *cleared* on the client, but it isn't read on the server and thus isn't available to Active4D.

Regards,

  Aparajita

Re: Missing '=' in cookie

tony p-2
Thanks Aparajita.

Just to be clear, does the error abort execution?  I’m checking to make sure that anyone who has (somehow) got an invalid cookie can still use the site.

Many thanks,

Tony Pollard
Another Dimension



Re: Missing '=' in cookie

Aparajita Fishman
> Just to be clear, does the error abort execution?

Yes, a 400 status is returned.

Regards,

  Aparajita

Re: Missing '=' in cookie

tony p-2
Ahhh, so if the user's cookie has been corrupted in this way then they are effectively locked out of the site.  There seem to be lots of ways (nothing to do with A4D) that users can get their cookies corrupted.  I am getting the error a few times a day which must be frustrating for the respective users, so I’m inclined to handle it.  I could:
1. Trap the error in a custom error page, look for a 400 status and clear cookies there?
2. Inspect the cookies before handing the request off to A4D?

Or is there a better way?

Thanks,

Tony Pollard
Another Dimension



Speaking of cookies...

Mike Vogt-2
Hi all,
Is there any way to pass session data between two Active4D sites?  In other words, if you're logged into site A with session data set and there is a link to site B, is there any way to access session A's data in site B?

Thanks,
Mike

Re: Speaking of cookies...

Aparajita Fishman
> Is there any way to pass session data between two Active4D sites?

You can use 'session to blob', pass the blob somehow, then 'blob to session'.

>  In other words, if you're logged into site A with session data set and there is a link to site B, is there any way to access session A's data in site B?

Regards,

  Aparajita

Re: Missing '=' in cookie

Aparajita Fishman
In reply to this post by tony p-2
> I am getting the error a few times a day which must be frustrating for the respective users, so I’m inclined to handle it.  I could:
> 1. Trap the error in a custom error page, look for a 400 status and clear cookies there?
> 2. Inspect the cookies before handing the request off to A4D?
> Or is there a better way?

The better way would be for me to be more lenient with invalid cookies. I'd like to see what their cookies are so I can know what to allow.

Regards,

  Aparajita

Re: Missing '=' in cookie

tony p-2
Hmmm, interesting.  I’ve used the (Mac) Paw app to simulate sending some corrupt cookies to A4D (v6.1r13).  Various combinations of no =, null and otherwise Bad Cookies didn’t generate any errors.  However, if I create a cookie with a space instead of an = then I get the "[error] server: missing '=' in cookie" 400 error (as you would expect).  I’ve created a log trap in On Web Connection to see if I can catch one of them.

Many thanks,

Tony Pollard
Another Dimension


Re: Missing '=' in cookie

tony p-2
The few corrupt cookies I’ve seen so far have all been variations of:
Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
which would seem to be hack attacks on cookies.  I don’t know of a way to overwrite “other” site cookies from the web, so it probably implies the respective users have got viruses.  I’m still inclined to think that it would be good to ignore invalid cookies without throwing an error because they could be generated by crashes, etc.

Cheers!

Tony Pollard
Another Dimension



Re: Missing '=' in cookie

Aparajita Fishman
> The few corrupt cookies I’ve seen so far have all been variations of:
> Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
> which would seem to be hack attacks on cookies.  I don’t know of a way to overwrite “other” site cookies from the web, so it probably implies the respective users have got viruses.  I’m still inclined to think that it would be good to ignore invalid cookies without throwing an error because they could be generated by crashes, etc.

File an issue in the issue tracker so I'll be sure to get to it.

Regards,

  Aparajita
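
The lenient handling discussed in this thread, as an added C++ example that is not Active4D's code and not from any poster: a Cookie header parser that skips a fragment with no '=' instead of failing the request, and keeps a length-capped, control-character-masked copy of each skipped fragment so it can be logged for review. All names (`CookieParse`, `parseCookiesLenient`, `logSafe`, `strictStatus`, `kSample`) are hypothetical, and the sample header is constructed.

```cpp
// Added example, not Active4D source; all names here are hypothetical.
#include <map>
#include <string>
#include <vector>

struct CookieParse {
    std::map<std::string, std::string> cookies;  // well-formed name=value pairs
    std::vector<std::string> rejected;           // malformed fragments, log-safe
};

static std::string trim(const std::string& s) {
    std::size_t b = 0, e = s.size();
    while (b < e && (s[b] == ' ' || s[b] == '\t')) ++b;
    while (e > b && (s[e - 1] == ' ' || s[e - 1] == '\t')) --e;
    return s.substr(b, e - b);
}

// Cap length and mask control/non-ASCII bytes so a fragment cannot forge log lines.
static std::string logSafe(const std::string& s, std::size_t maxLen = 64) {
    std::string out;
    for (std::size_t i = 0; i < s.size() && out.size() < maxLen; ++i) {
        unsigned char c = static_cast<unsigned char>(s[i]);
        out += (c >= 0x20 && c < 0x7f) ? static_cast<char>(c) : '?';
    }
    return out;
}

// Split on ';'. A fragment with no '=' or an empty name is recorded and skipped.
CookieParse parseCookiesLenient(const std::string& header) {
    CookieParse result;
    std::size_t pos = 0;
    while (pos <= header.size()) {
        std::size_t end = header.find(';', pos);
        if (end == std::string::npos) end = header.size();
        std::string pair = trim(header.substr(pos, end - pos));
        pos = end + 1;
        if (pair.empty()) continue;
        std::size_t eq = pair.find('=');
        std::string name = (eq == std::string::npos) ? std::string() : trim(pair.substr(0, eq));
        if (name.empty()) { result.rejected.push_back(logSafe(pair)); continue; }
        result.cookies[name] = trim(pair.substr(eq + 1));
    }
    return result;
}

// Strict policy for contrast: any malformed fragment fails the request with 400.
int strictStatus(const std::string& header) {
    return parseCookiesLenient(header).rejected.empty() ? 200 : 400;
}
static const char kSample[] = "sid=abc123; theme dark; lang=en";  // constructed sample
```

With `kSample`, the lenient parser keeps `sid` and `lang` and records `theme dark` for the log, where the strict policy would reject the whole request.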
