Bugs item #1495150, was opened at 2006-05-25 09:20
Message generated for change (Comment added) made by javaguru1729
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=107322&aid=1495150&group_id=73\
22

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Servlets
Group: None
Status: Open
Resolution: Wont Fix
Priority: 5
Submitted By: Chandra (javaguru1729)
Assigned to: Nobody/Anonymous (nobody)
Summary: Partial Cookies are returned if total cookie data exceeds 8K

Initial Comment:
Copy the JSP to a web app. Run Jetty with Java 5.0 SE.
Use Firefox browser to see JSPs.
The JSP files prints out the cookies in the request and
also sets cookies of approximate size 3K. The number of
cookies set on the response is controlled by cookieNum
local variable in JSP.

Clear all cookies for localhost and set cookieNum value
to 1. Invoke the JSP two times. Everything should be fine.

Set cookieNum value to 2. This also keeps the total
cookie size under 8K. The JSP works fine:
----jsp output----
Cookies found 2
Cookie username0 Size 2844 Thu May 25 13:02:57 PDT
2006Lore...
Cookie JSESSIONID Size 13 17wod4l2ss785...
Cookie added to response username0 size 2844
Cookie added to response username1 size 2844
---end of jsp output--------

However, a warning stacktrace is printed out at
console. See jettylog1.txt section at the end.

Set cookieNum value to 3. This exceeds cookie header
size to 8K since Firefox and IE send only one Cookie
header even for large cookies. The third large cookie
returned by Jetty is partial as evident by the size 2432.

---jsp output after invoking second time----
Cookies found 3
Cookie username0 Size 2844 Thu May 25 13:11:11 PDT
2006Lore...
Cookie username1 Size 2844 Thu May 25 13:11:11 PDT
2006Lore...
Cookie username2 Size 2432 Thu May 25 13:11:11 PDT
2006Lore...
Cookie added to response username0 size 2844
Cookie added to response username1 size 2844
Cookie added to response username2 size 2844
-----end of jsp output------

As we increase the value of cookieNum to 4 and 5, only
three cookies are returned by Jetty and third cookie
only contains partial data.

Internally, Jetty maintains 8K buffer for cookie data
in org.mortbay.http.HttpRequest class. We noticed that
Jetty while creating cookies array only processes first
buffer.

------start of jettylog1.txt------
13:03:33.180 WARN!! [P1-1199]
org.mortbay.http.HttpConnection.exception(HttpConnection.java:780)
>06> GET /favicon.ico HTTP/1.1
java.lang.ArrayIndexOutOfBoundsException

at
java.lang.System.arraycopy(Native Method)

at
org.mortbay.util.ByteBufferOutputStream.write(ByteBufferOutputStream.java:198)
at
org.mortbay.http.BufferedOutputStream.write(BufferedOutputStream.java:152)
at
org.mortbay.http.HttpOutputStream.write(HttpOutputStream.java:423)

at
org.mortbay.util.ByteArrayISO8859Writer.writeTo(ByteArrayISO8859Writer.java:105)
at
org.mortbay.http.handler.ErrorPageHandler.handle(ErrorPageHandler.java:50)
at
org.mortbay.http.HttpResponse.sendError(HttpResponse.java:357)

at
org.mortbay.http.handler.NotFoundHandler.handle(NotFoundHandler.java:56)
at
org.mortbay.http.handler.RootNotFoundHandler.handle(RootNotFoundHandler.java:55)
at
org.mortbay.http.HttpContext.handle(HttpContext.java:1530)

at
org.mortbay.http.HttpContext.handle(HttpContext.java:1482)

at
org.mortbay.http.HttpServer.service(HttpServer.java:946)

at
org.mortbay.http.HttpConnection.service(HttpConnection.java:816)

at
org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)

at
org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)

at
org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
at
org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)

at
org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)


------end of jettylog1.txt------


----------------------------------------------------------------------

>Comment By: Chandra (javaguru1729)
Date: 2006-06-04 19:02

Message:
Logged In: YES
user_id=960051

org.mortbay.http.HttpRequest.__maxLineLength appeared to be
a red herring.
When I set BufferSize property for
org.mortbay.http.SocketListener, it works for cookie data up
to the specified value of BufferSize.
This workaround should be used.

As noted before, Jetty must not truncate cookie data. This
bug may be reduced to fixing cookie data truncation.
However, it would be quite desirable to eliminate
IndexOutOfBoundsException conditions.


----------------------------------------------------------------------

Comment By: Chandra (javaguru1729)
Date: 2006-05-27 09:34

Message:
Logged In: YES
user_id=960051

I org.mortbay.http.HttpRequest.__maxLineLength to 80K. And
still the cookie data is truncated after 8K.

public class IGNCustomizer {
public static void customize() {
org.mortbay.http.HttpRequest.__maxLineLength = 81920;

System.out.println("org.mortbay.http.HttpRequest.__maxLineLength
set to "+org.mortbay.http.HttpRequest.__maxLineLength);
}
}

In Jetty.xml
<Call class="com.ign.jetty.IGNCustomizer" name="customize"/>



----------------------------------------------------------------------

Comment By: Greg Wilkins (gregwilkins)
Date: 2006-05-26 21:59

Message:
Logged In: YES
user_id=44062

I agree better error messages are desirable if the HTTP
header max size is exceeded?

Have you increased the buffer size? Once you increase the
buffer size, you should be able to send your cookies.

In jetty6 you need to call setHeaderBufferSize on the connector.



----------------------------------------------------------------------

Comment By: Chandra (javaguru1729)
Date: 2006-05-26 08:56

Message:
Logged In: YES
user_id=960051

The spec is:

1) at least 4096 bytes per cookie
2) at least 20 cookies per unique host or domain name

Please see my example, there is no violation of the spec. We
are sending
2-3 cookies of ~3K.

On outgoing response, Jetty-5.1.10 creates multiple
Set-Cookie headers
and user-agent (IE and Firefox) store them correctly.

On next request, the browsers sends them to the sever.
However, IE and
Firefox create a single Cookie header. Again, both browser
send them
correctly too. The header size exceeds 4K due to multiple 3K
cookies.

In Jetty 5.1.10, if the cookie data is more than 8K (not 4K,
it appears
to treat cookie Header as a special case) then it creates
multiple
buffers (of 8K each). So, it's not that I am not paying on
the server. I
am not getting anything out of it.

Not withstanding Cookie spec, I think
java.lang.ArrayIndexOutOfBoundsException in Jetty 5 and
java.lang.IndexOutOfBoundsException in Jetty 6 are in itself
bugs. If it
doesn't handle more than 8K of cookie data by design, then
it should
proceed normally (log it as a warning).

Also, Jetty-5.1.10 truncates Cookie data which falls beyond
8K limit.
The cookie spec, even though written for User-Agents,
doesn't allow them
to truncate cookies.

<quote>
If for some reason there is inadequate space to store the
cookie, it
must be discarded, not truncated.
</quote>

In Jetty 6, HTTP request fails completely if the two cookies
of 3K were
sent by an User Agent. I can't sent down two cookies of 3K
either. I
don't think you have IndexOutOfBoundsException by design.


----------------------------------------------------------------------

Comment By: Greg Wilkins (gregwilkins)
Date: 2006-05-25 23:50

Message:
Logged In: YES
user_id=44062

will not fix.

Servers and browsers are allowed to limit cookie length and
total header length.

You can increase the size of the buffers if you wish to have
larger cookies. But most browsers implement a 4k limit


----------------------------------------------------------------------

Comment By: Chandra (javaguru1729)
Date: 2006-05-25 10:52

Message:
Logged In: YES
user_id=960051

It was tested on Jetty-5.1.10.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=107322&aid=1495150&group_id=73\
22


_______________________________________________
jetty-discuss mailing list
jetty-discuss@...
https://lists.sourceforge.net/lists/listinfo/jetty-discuss