Possible browser bug in Nokia 7650: Incorrect cookie handling

[mleal]

Hi.

I seem to have discovered a bug in the Nokia 7650 browser. I would just like some confirmation from someone else who has experienced the same problem or can reproduce it.

The problem is this. Suppose I send a cookie to the browser like this:
Set-Cookie: mycookie=XYZ;Path=/wap/;Domain=www.mywebserver.com

On the next request the browser sends the following header back to the application server:
Cookie: mycookie=XYZ;Path=/wap/;Domain=www.mywebserver.com

When in fact it should send (notice the '$' signs):
Cookie: mycookie=XYZ;$Path=/wap/;$Domain=www.mywebserver.com

Since 'Path', 'Domain' and 'Version' are reserved words and no cookies can be set with that name (according to RFC 2109 - http://www.ietf.org/rfc/rfc2109.txt). What the browser is in fact doing is sending three cookies named 'mycookie', 'Path' and 'Domain'. The problem with this is that many application servers (in my particular case Jakarta Tomcat) will refuse this request.

Has anyone else experienced this and/or can comment on it? I don't know how to check thw SW version of the phone but its User-Agent string is:
Nokia7650/1.0 SymbianOS/6.1 Series60/0.9 Profile/MIDP-1.0 Configuration/CLDC-1.0 UP.Link/4.2.2.5

Marco.

[presentTech]

Hello!
I am experiencing exactly the same problem with both the Nokia 7650 and 3650.

The User agent Strings are:
Nokia7650/1.0 SymbianOS/6.1 Series60/0.9 Profile/MIDP-1.0 Configuration/CLDC-1.0 UP.Link/5.1.1.2a

Nokia3650/1.0 SymbianOS/6.1 Series60/1.2 Profile/MIDP-1.0 Configuration/CLDC-1.0 UP.Link/5.1.1.2a

Is there any way to solve this problem?
Any help would be welcome.


Thanks in advance,
Victor Batista

[tychay]

I don't get that problem with the Nokie 3650, but I do with the Series 60 emulator (WinXP):
http://discussion.forum.nokia.com/fo...1734#post61734

A hack that will probably work for you is for your web application to preempt cookie handling (i.e. manually search the incoming headers for "Cookie:" line and then parse and prune out the "path" and "domain" "cookies". Obviously there is a protocol problem.

Some web applications, notably PHP, are robust enough to handle these broken cookies without blinking.

BTW, the emulator seems to have other serious problems. For instance, if I write a session cookie "S=..." and then write a permanent cookie "SN=..." later, it doesn't seem to store the permanent cookie... it just returns to me "S=...; path=....; domain=....".

Take care,

terry

[nmayle]

Although one could parse the headers using php, if the browser on the handset is not parsing the set-cookie correctly, then it will not interpret the expires and path. Without those fields you have limited control over the cookie scope.

This may explain why it seems impossible to set a non-session cookie on the 3650 -- the phone is not seeing the expires, but instead interpreting "expires" as another cookie.

Has anyone found a work around?