Forum Discussion
mr_skater99_640
Nimbostratus
NimbostratusStripping Cookies
We have an off the shelf product that sets to many cookies and cookies on all domains configured in the product (these aren't needed). We're trying to tidy some of this up and we've got some of it wo...
Craig_Jackson_2Nimbostratus
NimbostratusI used this code to strip a cookie that was causing us problems, and I encountered a problem with the code.
The problem occurred when we received a cookie whose name included a quote. In that case, "foreach a_cookie [HTTP::cookie names]" produced errors something like these:
list element in quotes followed by "customerSurvey":"NA"" instead of space
list element in quotes followed by ":" instead of space
unmatched open quote in list
Unfortunately, it doesn't log the offending list element or list, but I think one of the cookie names was something like '"foo":'. (foo in quotes, with a colon after the close quote.
As best as I can tell, quotes aren't legal in cookie names, which obey the rule for HTTP tokens. However, that doesn't mean that they can't occur in a Cookie: header. I created them myself using Fiddlerscript.
However, I'm really not quite sure why the list is being scanned for syntax in the line "foreach a_cookie [HTTP::cookie names]". It seems like [HTTP::cookie names] would be treated as a single syntactic item and would not be further expanded.
Is this an F5 bug?
