November 25, 2008

Tomcat 5.5.x cookie parsing changed breaking cookies

It appears that Tomcat parses cookie values differently between 5.5.23 and 5.5.26 (latest and easiest to find in the 5.5.x line).

We use cookies where the value of the cookie is in name value format ie the cookie value is something like "has-player=false&player-version=&has-flash=true&flash-version=9.0" (without the quotes). In Tomcat 5.5.26 returns the cookie value as "has-player" (again, no quotes), truncating it at the first '='.

The fix for this is to URL encode the cookie value.