Cookie with illegal characters in dotnet framework 2.0

[dotnetal]

Hi,

I'm writing a web spider that interacts with a web site that is
sending back a cookie that is broken. However, both IE and Firefox
will happily work with a cookie that contains illegal characters.

According to the HTTP specs, and the implementation of Cookies in
the .Net Framework, it is illegal to have a comma, space character or
semicolon in the value of a cookie. My code is interacting with a
website that returns a cookie containing a comma in the value field
and the CookieCollection returned by HTTPWebResponse seems to do a
split at the point of the comma, creating 2 cookies. So, in the HTTP
header example below, we end up with a cookie called SESSION_ID with a
value of 34739880 and a second cookie called 6BJgeNVXJ8Rs/
a8OuqGO34dBRt5grTk1TxOMTKM2bF3LtfC6T0srsQ with a value of =

The headers from the request are shown here:

HTTP 200 OK
Date: Wed, 23 May 2007 16:49:40 GMT
Server: IBM_HTTP_Server
Set-Cookie: SESSION_ID=34739880,6BJgeNVXJ8Rs/
a8OuqGO34dBRt5grTk1TxOMTKM2bF3LtfC6T0srsQ==;Path=/
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-GB
Content-Encoding: deflate
Vary: Accept-Encoding, User-Agent

Does anyone know how to deal with these rogue cookies so that we can
implement the same bahaviour as IE and Firefox. I know that
technically they shouldn't bother to implement this broken behaviour,
but someone in the Microsoft IE and Firefox dev teams obviously
decided to accept this broken behaviour and it seems to me that .net
should too.

Thanks

Al

 

[Ashot Geodakov]

Can you access these cookies through HttpWebRequest.Headers["Set-Cookie"] ?

If you can, what keeps you from just parsing that cookie string?

 

[dotnetal]

Can you access these cookies through HttpWebRequest.Headers["Set-Cookie"] ?

If you can, what keeps you from just parsing that cookie string?

Hi,

I'm writing a web spider that interacts with a web site that is
sending back a cookie that is broken. However, both IE and Firefox
will happily work with a cookie that contains illegal characters.

According to the HTTP specs, and the implementation of Cookies in
the .Net Framework, it is illegal to have a comma, space character or
semicolon in the value of a cookie. My code is interacting with a
website that returns a cookie containing a comma in the value field
and the CookieCollection returned by HTTPWebResponse seems to do a
split at the point of the comma, creating 2 cookies. So, in the HTTP
header example below, we end up with a cookie called SESSION_ID with a
value of 34739880 and a second cookie called 6BJgeNVXJ8Rs/
a8OuqGO34dBRt5grTk1TxOMTKM2bF3LtfC6T0srsQ with a value of =

The headers from the request are shown here:

HTTP 200 OK
Date: Wed, 23 May 2007 16:49:40 GMT
Server: IBM_HTTP_Server
Set-Cookie: SESSION_ID=34739880,6BJgeNVXJ8Rs/
a8OuqGO34dBRt5grTk1TxOMTKM2bF3LtfC6T0srsQ==;Path=/
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-GB
Content-Encoding: deflate
Vary: Accept-Encoding, User-Agent

Does anyone know how to deal with these rogue cookies so that we can
implement the same bahaviour as IE and Firefox. I know that
technically they shouldn't bother to implement this broken behaviour,
but someone in the Microsoft IE and Firefox dev teams obviously
decided to accept this broken behaviour and it seems to me that .net
should too.

Al- Hide quoted text -

- Show quoted text -

Hi Ashot,

thanks for the suggestion. I have tried manually parsing out the
cookie as you suggest and then add it back into the headers by calling
using code like the following:

myHttpReq.Headers.Add("Cookie: " + thisCookie.sCookieName + "=" +
thisCookie.sCookieValue);

However, some "clever" bit of the dotnetframework promptly removes my
"manually" added cookie.