[drakma-devel] Parsing quoted cookie values (bug?)

Victor Kryukov victor.kryukov at gmail.com
Sun Mar 16 03:59:09 UTC 2008


Hello,

I believe the following behaviour is a bug:

(drakma::parse-set-cookie "session=\"1,2,3\"; domain=example.com;
path=/")

generates an error:

While parsing cookie header "session=\"1,2,3\"; domain=example.com; path=/":
Read character #\,, but expected #\=.
   [Condition of type SIMPLE-ERROR]

Restarts:
 0: [ABORT] Return to SLIME's top level.
 1: [TERMINATE-THREAD] Terminate this thread (#<THREAD "new-repl-thread" {1004560551}>)

Backtrace:
  0: (CHUNGA::SIGNAL-UNEXPECTED-CHARS #\, #\=)
  1: (CHUNGA:ASSERT-CHAR #<SB-IMPL::STRING-INPUT-STREAM {1004562A51}> #\=)
  2: (CHUNGA:READ-NAME-VALUE-PAIR #<SB-IMPL::STRING-INPUT-STREAM {1004562A51}>)[:EXTERNAL]
  3: (DRAKMA::PARSE-SET-COOKIE "session=\"1,2,3\"; domain=example.com;
  path=/")

According to RFC2965[1],

   av-pairs    =     av-pair *(";" av-pair)
   av-pair     =     attr ["=" value]              ; optional value
   attr        =     token
   value       =     token | quoted-string

value is either a token or a quoted string. According to RFC2616[2],

       quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
       qdtext         = <any TEXT except <">>

quoted string can contain any text except \", including
commas. 

I know a particular web-site (reddit.com) that sets cookies of that
form, and Firefox parses them without any problem.

The problem seem to be in read-name-value-pair from CHUNGA:

DRAKMA> (with-input-from-string (in "session=\"1,2,3\";
 domain=example.com; path=/") (read-name-value-pair in :cookie-syntax t))

("session" . "\"1")

Best Regards,
Victor.

[1] http://www.faqs.org/rfcs/rfc2965.html
[2] http://www.faqs.org/rfcs/rfc2616.html

-- 
http://macrodefinition.blogspot.com




More information about the Drakma-devel mailing list