JDK-7179389

Security cookies cannot be read by signed applet using JSObject


    • Bug
    • Resolution: Not an Issue
    • P3
    • 7u6
    • 7u6
    • deploy
    • generic
    • generic

      A signed applet is loaded over http and makes an https connection to a servlet. The servlet sets the cookies in the response. The signed applet tried to get the cookies via JSObject, but it failed.

      Environment:
      XP sp3, FF 12.0, JDK 7u6 b14


      Steps to reproduce:
      1) Clean browser's cookies
      2) Launch the test applet from
      http://10.182.69.181:8080/cookies/html/testHTTPGetSetCookieSignedSecureLC.html
      3) Click accept to Run
      4) Click not to block
      5) Click continue
      6) The applet will create an https connection to the servlet with HttpURLConnection. The servlet will set the cookie in the response. Then the applet will try to read the cookie with JSObject after getting the response.
      7) If the following information appears in the console, the bug is reproducible:
      https://10.182.69.181:8443/cookies/servlets/set_CookieCommonServlet?cookieName=MyTestSecure&cookieValue=5&cookieMaxAge=100000 with cookie "MyTest=5; MyTestSecure=5"
      network: Server https://10.182.69.181:8443/cookies/servlets/set_CookieCommonServlet?cookieName=MyTestSecure&cookieValue=5&cookieMaxAge=100000 requesting to set-cookie with "MyTestSecure=5; Expires=Tue, 26-Jun-2012 08:59:00 GMT; Path=/; Secure"
      network: Server https://10.182.69.181:8443/cookies/servlets/set_CookieCommonServlet?cookieName=MyTestSecure&cookieValue=5&cookieMaxAge=100000 requesting to set-cookie with "JSESSIONID=4B36BA4442746B0E2A340402D5261380; Path=/cookies; Secure"
      @@@@ null = HTTP/1.1 200 OK
      @@@@ Date = Mon, 25 Jun 2012 05:12:20 GMT
      @@@@ Transfer-Encoding = chunked
      @@@@ Set-Cookie = MyTestSecure=5; Expires=Tue, 26-Jun-2012 08:59:00 GMT; Path=/; Secure
      @@@@ Set-Cookie = JSESSIONID=4B36BA4442746B0E2A340402D5261380; Path=/cookies; Secure
      @@@@ Server = Apache-Coyote/1.1
      @@@@ #### try reading cookies using browser APIs
      Entering.. getCookies()
      @@@@ cookies found using JSObject browser API: cookie_content=foo; MyTest=5
      @@@@ persistent Cookie found by JSObjectAPIs ? false
      @@@@ session Cookie found by JSObjectAPIs ? false

      Note:
      We have a test case that sends a request to another servlet via a secure connection. The servlet can read the cookies from the request.

      Source:
      http://10.182.69.181:8080/cookies/src/HTTPGetSetCookieLC.java
      http://10.182.69.181:8080/cookies/src/servlets/set_CookieCommonServlet.java

      Affected test cases:
      CookiesTest::testHTTPGetSetCookieSignedSecureLC
      CookiesTest::testHTTPGetSetCookieFromSecureJSDPLC

            ngthomas Thomas Ng (Inactive)
            yanqchen Sheldon Chen (Inactive)
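Added example, not part of the original report or of JDK code: the cookie-selection rules of RFC 6265 applied to the Set-Cookie headers in the log above, showing which cookies a `document.cookie` read returns for the http test page. The https page URL, the attributes of the two pre-existing cookies, and all function names are assumptions made for illustration.

```javascript
// Set-Cookie headers copied from the log in the report (sent over HTTPS).
const fromServlet = [
  "MyTestSecure=5; Expires=Tue, 26-Jun-2012 08:59:00 GMT; Path=/; Secure",
  "JSESSIONID=4B36BA4442746B0E2A340402D5261380; Path=/cookies; Secure",
];
// Constructed: cookies already visible in the log; their attributes are assumed.
const preExisting = ["cookie_content=foo; Path=/", "MyTest=5; Path=/"];

// Parse one Set-Cookie header, keeping only the attributes used below.
// Simplifications: Expires is ignored; a missing Path defaults to "/".
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
              path: "/", secure: false, httpOnly: false };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "secure") c.secure = true;
    else if (k === "httponly") c.httpOnly = true;
    else if (k === "path" && val.trim().startsWith("/")) c.path = val.trim();
  }
  return c;
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// What a script (or JSObject reading document.cookie) sees on the given page.
// Assumes every cookie belongs to the page's host; ports do not scope cookies.
function documentCookie(headers, pageUrl) {
  const url = new URL(pageUrl);
  const secureContext = url.protocol === "https:";
  return headers.map(parseSetCookie)
    .filter((c) => !c.httpOnly)                 // hidden from non-HTTP APIs
    .filter((c) => !c.secure || secureContext)  // Secure: secure channel only
    .filter((c) => pathMatches(url.pathname, c.path))
    .sort((a, b) => b.path.length - a.path.length) // longer paths first
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

const jar = [...preExisting, ...fromServlet];
const page = "/cookies/html/testHTTPGetSetCookieSignedSecureLC.html";
console.log(documentCookie(jar, "http://10.182.69.181:8080" + page));
console.log(documentCookie(jar, "https://10.182.69.181:8443" + page)); // hypothetical URL
```

The first call yields the same `cookie_content=foo; MyTest=5` string that the log shows for the JSObject read; the second includes both Secure cookies.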