smithproject.org

Tracker Bug created.

In ClientScope.java, there is a method:
Code:

	public void storeCustomVarsToCookie() {
 		String cookieValue = "";
 
 		Iterator it = this.keySet().iterator();
 		while (it.hasNext()) {
 			String varName = (String) it.next();
 			String varValue = this.getClientValue(varName).toString();
 			if (!isBuiltInVarible(varName)) {
 				cookieValue += "#"
 						+ SmithString.URLEncodedFormat(varName,
 								ApplicationServices.BYTE_CHARSET)
 						+ "="
 						+ SmithString.URLEncodedFormat(varValue,
 								ApplicationServices.BYTE_CHARSET);
 				addPermanentCookieToResponse(COOKIE_CFCLIENT, cookieValue);
 			}
 		}
 	}

This results in the following result headers, after you have gone through a few pages on the app:
Code:

 Date: Wed, 05 Mar 2008 22:30:50 GMT
 Server: Apache/2.2.6 (Unix) DAV/2 mod_jk/1.2.26 PHP/4.4.8
 Set-Cookie: CFGLOBALS="#HitCount=19#LastVisit={ts '2008-03-05 14:30:51'}#TimeCreated={ts '2008-02-11 18:40:39'}#"; Expires=Fri, 26-Feb-2038 22:30:51 GMT; Path=/
 CFCLIENT_=#view216318=1; Expires=Fri, 26-Feb-2038 22:30:51 GMT; Path=/
 CFCLIENT_=#view216318=1#view214555=1; Expires=Fri, 26-Feb-2038 22:30:51 GMT; Path=/
 CFCLIENT_=#view216318=1#view214555=1#album16019=1; Expires=Fri, 26-Feb-2038 22:30:51 GMT; Path=/
 CFCLIENT_=#view216318=1#view214555=1#album16019=1#album15854=1; Expires=Fri, 26-Feb-2038 22:30:51 GMT; Path=/
 Content-Language: en_US
 Keep-Alive: timeout=5, max=100
 Connection: Keep-Alive
 Transfer-Encoding: chunked
 Content-Type: text/html;charset=UTF-8
 
 200 OK

As you can see, each CFCLIENT_ line in the response headers is simply the previous one with the value from the iterator inserted at the end. I believe the problem may be that the code calls addPermanentCookieToResponse() from INSIDE the iterator, rather than using the iterator to build up the cookie's contents and then calling addPermanentCookieToResponse() once after the iterator is done.

Looks like that's it alright...

Code:

	/**
 	 * Stores client variables to http response cookies.
 	 */
 	public void storeCustomVarsToCookie() {
 		String cookieValue = "";
 
 		Iterator it = this.keySet().iterator();
 		while (it.hasNext()) {
 			String varName = (String) it.next();
 			String varValue = this.getClientValue(varName).toString();
 			if (!isBuiltInVarible(varName)) {
 				cookieValue += "#"
 						+ SmithString.URLEncodedFormat(varName,
 								ApplicationServices.BYTE_CHARSET)
 						+ "="
 						+ SmithString.URLEncodedFormat(varValue,
 								ApplicationServices.BYTE_CHARSET);
 				//addPermanentCookieToResponse(COOKIE_CFCLIENT, cookieValue);
 			}
 		}
 		
 		if(cookieValue.length() > 0) {
 			addPermanentCookieToResponse(COOKIE_CFCLIENT, cookieValue);
 		}
 	}

Commenting out the addPermanentCookieToResponse() and putting it inside an if statement that check the cookie value length after the iterator block fixed it. I will also add this to the tracker

Thanks Cars!

Thanks Cars!
The patch is applied to SVN.

I have tested the format CFMX uses to generate this cookie and discovered that Smith was not compatibile with it. It will be reimplemented for the next build. Here's what I've found out about CFCLIENT_ cookies:

1. CFMX URL-encodes the complete cookie, not just keys and values as Smith does.

2. Keys and values are separated with '='. Key-value pairs are separated with '#'... When creating the cookie, CFMX appends hash ('#') after each key-value pair, while Smith used hash in front of each pair.

3. When creating the cookie, keys are converted to lower-case; '=' and '#' are not escaped in keys.

4. In values, chars '=' and '#' are escaped by adding another '#' in front of them.

5. When unpacking variables from the cookie, CFMX unescapes '=' and '#' in keys and values. Key stops at first unescaped '='. In values, unescaped '=' are ignored. Value ends at first unescaped '#'.

orcus

Glad to be of assistance!