CXF issue with cookies using Chrome


Recently I've faced a strange issue with cookies being sent to my backend server (which is using CXF 3.1.2 for handling HTTP requests). It throws an exception:

java.lang.IllegalArgumentException: Cookie is malformed :
        at org.apache.cxf.jaxrs.impl.CookieHeaderProvider.fromString(CookieHeaderProvider.java:66) ~[cxf-rt-frontend-jaxrs-3.1.2.jar:3.1.2]
        at org.apache.cxf.jaxrs.impl.CookieHeaderProvider.fromString(CookieHeaderProvider.java:26) ~[cxf-rt-frontend-jaxrs-3.1.2.jar:3.1.2]
        at javax.ws.rs.core.Cookie.valueOf(Cookie.java:126) ~[javax.ws.rs-api-2.0.1.jar:2.0.1]
        at org.apache.cxf.jaxrs.impl.HttpHeadersImpl.getCookies(HttpHeadersImpl.java:117) ~[cxf-rt-frontend-jaxrs-3.1.2.jar:3.1.2]
        at org.apache.cxf.jaxrs.impl.AbstractRequestContextImpl.getCookies(AbstractRequestContextImpl.java:59) ~[cxf-rt-frontend-jaxrs-3.1.2.jar:3.1.2]
        at com.acmecorp.acmeproject.whitelist.filter.AuthenticationInFilter.filter(AuthenticationInFilter.java:34) ~[AuthenticationInFilter.class:na]
        at org.apache.cxf.jaxrs.utils.JAXRSUtils.runContainerRequestFilters(JAXRSUtils.java:1636) ~[cxf-rt-frontend-jaxrs-3.1.2.jar:3.1.2]

This happens occasionally when I use Chrome or Opera, but this wasn't reproduced in Firefox or IE. In the CXF logs I've found the following HTTP headers being sent to the server:

Headers: {Accept=[application/json, text/plain, /], accept-encoding=[gzip, deflate, lzma], Accept-Language=[en-US,en;q=0.8], Cookie=[BlueStripe.PVN=300d00000051; APP_USER="test_user1"; ; SMSESSION=(omitted)] }

The issue is the double semicolon in the headers with a space between them. CXF treats it as a cookie which has no name and no value and throws an exception.

This issue may be related to the Siteminder SMSESSION cookie, which expires every minute or so.

Any help would be highly appreciated.


There are 1 answers

pedrofb On

A valid Cookie: header according to RFC 6265 should be

 Cookie: name=value *(; name=value)

One or more name=value pairs separated by a semicolon and a space ("; "). Your cookie is not valid because the third entry is void.

On the server side, CXF CookieHeaderProvider.fromString(cookie) throws an IllegalArgumentException because the name/value is null. This is not a CXF bug because the cookie does not meet the specification.

I have not found any related bugs in the Chrome issue list, so I suspect it is a client issue.

The next step is to determine where the blank cookie ; is being included:

  1. Debug the client code before the call to see the current set of cookies
  2. Inspect the HTTP request headers and check the Cookie: value

It would be helpful if you post the client code and the debugger results.
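
One way to keep a server-side filter from failing on the empty "; ;" segment while the client side is investigated, as an added example that is not from the original post or from CXF: parse the raw Cookie header leniently and keep the skipped segments so they can be logged. LenientCookieParser and its members are hypothetical names, and the SMSESSION value is a constructed placeholder.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: tolerant parser for a Cookie request header (all names are hypothetical). */
public class LenientCookieParser {

    /** Parsed pairs plus the segments that were skipped, so the caller can log them. */
    public static final class Result {
        public final Map<String, String> cookies = new LinkedHashMap<>();
        public final List<String> skipped = new ArrayList<>();
    }

    public static Result parse(String header) {
        Result r = new Result();
        if (header == null) {
            return r;
        }
        // Limit -1 keeps trailing empty segments, so a dangling ";" is reported too.
        for (String segment : header.split(";", -1)) {
            String s = segment.trim();
            int eq = s.indexOf('=');
            if (eq <= 0) {
                // Empty segment (the "; ;" case) or a pair without a name: skip, do not throw.
                r.skipped.add(segment);
                continue;
            }
            String name = s.substring(0, eq).trim();
            String value = s.substring(eq + 1).trim();
            // Strip one pair of surrounding double quotes, as in APP_USER="test_user1".
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
                value = value.substring(1, value.length() - 1);
            }
            // Design choice of this example: the first occurrence of a name wins.
            r.cookies.putIfAbsent(name, value);
        }
        return r;
    }

    public static void main(String[] args) {
        // Header value from the question; the SMSESSION value is a constructed placeholder.
        String header = "BlueStripe.PVN=300d00000051; APP_USER=\"test_user1\"; ; SMSESSION=PLACEHOLDER";
        Result r = parse(header);
        System.out.println("cookies = " + r.cookies);
        System.out.println("skipped segments = " + r.skipped.size());
    }
}
```

In a JAX-RS filter the raw value can be read with requestContext.getHeaderString("Cookie") and passed to parse() instead of calling getCookies(). A non-empty skipped list is worth logging, since it marks the requests that would otherwise have failed.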