Cookie bugs

Samuel Reynolds sam at spinwardstars.com
Tue May 14 21:15:29 PDT 2002 

FIRST BUG
---------

I haven't been able to get the item help working correctly
in Control Panel add-ins. I traced throught the code and
found out why.

MainResponder.controlPanel.addIn calls webserver.util.setCookie
to store the add-in name in a cookie named "wizard".

When someone clicks on the linked item label, a relative URL of
the form popupWindow$1,2 is opened in a separate, popup window.
This resolves to the script at mainResponder.controlPanel.popupWindow.
MainResponder.controlPanel.popupWindow looks for
pta^.requestHeaders.cookies.wizard, and uses its value to look
up the add-in wizard and retrieve the help text to display.
If pta^.requestHeaders.cookies.wizard isn't found, it defaults
to whatever the first panel from the Control Panel wizard
(the Hosting wizard), and returns the text from there--or
errors out if there are more items in the desired panel than
there are in this (unintentional?) default panel.

I tracked down the problem to webserver.util.setCookie.
When it is called more than once, webserver.util.setCookie
appends "\r\n" and the new named cookie onto the existing
contents of responseHeaders.["Set-Cookie"]. This results
in an un-tagged line in the header, which is (properly)
ignored by the browser.

To fix this, the line:
   adrcookie^ = adrcookie^ + "\r\n" + s
needs to be changed to:
   adrcookie^ = adrcookie^ + "\r\n Set-Cookie: " + s


SECOND BUG
----------
In the process of locating the above bug, I uncovered
another potential bug related to cookies.

Mainresponder.members.setCookie does not call
webserver.util.setCookie. Instead, it simply
assigns its cookie value directly to
responseHeaders.["Set-Cookie"]. While it appears
that Mainresponder.members.setCookie is called
before webserver.util.setCookie (at least in the
Control Panel), this may not always hold.

Unfortunately, mainResponder.members.getHashedCookieString
is designed to return a string that *includes* the
"name=" prefix of the cookie string, rather than
letting that be added in Mainresponder.members.setCookie,
so some refactoring will be necessary to fix this bug.
Basically, mainResponder.members.getHashedCookieString
should return the cookie *value*, then webserver.util.setCookie
should be called to actually add the cookie (instead of
the assignment
   pta^.responseHeaders.["Set-Cookie"] = s
that is now in the code).

- Sam
__________________________________________________
Samuel Reynolds              sam at spinwardstars.com
Frontier at Spinward Stars: http://www.spinwardstars.com/frontier/
Frontier Tutorials: http://www.spinwardstars.com/frontier-tutorials/

More information about the Frontier-Users mailing list