[ic] CookieName directive fails

Davor Ocelic docelic at mail.inet.hr
Thu Aug 11 18:12:10 EDT 2005

On Wed, 27 Jul 2005 11:52:47 -0600 (MDT)
Jon Jensen <jon at endpoint.com> wrote:

> On Wed, 27 Jul 2005, Bruno Cantieni wrote:
> >> I'm interested to hear if setting CookiePattern fixes your problem.
> >
> > Thanks for the feedback on this, Jon.
> > I was under the impression that Config.pm provided a default value for this:
> > 	['CookiePattern',	 'regex',     	     '[-\w:.]+'],
> It looks like you're right. Hmm.
> Well, it's probably time to start adding some logDebug() calls to 
> Vend::Dispatch so you can see exactly what's going on at each step of 
> those routines.

Hello folks,

I was floating around CookieName for some other purposes, and I 
traced your problem.

Interchange cookie is in the form:

  SessionID (8 to 32 characters), followed by a colon (:),
    followed by an IP address, username or domainname.

When no CookieName is set, the code takes the default path
and extracts session ID by using this hard-coded regex:


As you see, from the complete MV_SESSION_ID string, it only
takes first 8 to 32 characters, before the colon or underscore.

However, when CookieName *is* set, it tries to match this:


The problem is that CookiePattern is currently set to 
'[-\w:.]+', which is too liberal, and matches the whole cookie
value instead of just the session part (8-32 chars) up to the
first comma.

I suppose the solution is to change the default CookiePattern
value from [-\w:.]+ to \w{8,32}

Otherwise, I've tested and CookieName works properly
"out of the box".

I'll commit the fix to CVS.

-docelic at icdevgroup.org

More information about the interchange-users mailing list