Cookie value is truncated after the "@" symbol in JBoss EAP 5.1.0

Solution Verified - Updated -

Environment

  • JBoss Enterprise Application Platform (EAP) 5.1.0
  • Cookie version 0

Issue

  • The email field in a JSP page is not pre-populated with complete email id. It displays "foo" instead of "foo@foobar.com".
  • The email data on the JSP page is retrieved from a cookie. The cookie is set in the response header:
<%
response.addHeader("Set-Cookie","emailCookie=foo@foobar.com; HttpOnly ; Secure; path=/");
%>
  • The cookie data is read in a servlet bean:
javax.servlet.http.Cookie[] cookies = request.getCookies();
for (int x = 0; x<cookies.length; x++) {
        ...
}
  • Why is JBoss truncating the cookie?

Resolution

This is a known issue which is captured in JBPAPP-5813. This has been resolved in EAP 5.1.1.

There are two work around solutions to resolve the truncation of the cookie value.

First option is to escape the @ sign with the URL-encoded version value %40.

<%
response.addHeader("Set-Cookie","emailCookie=foo%40foobar.com;; HttpOnly ; Secure; path=/");
%>

Second option is to add a double quote around the cookie:

<%
response.addHeader("Set-Cookie","signinCookieTest=\"foo@foobar.com\"; HttpOnly ; Secure; path=/");
%>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments