Bug #47073

Cookie causes Error after Update

Added by Bernd Helbig over 8 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Http
Target version:
-
Start date:
2013-04-09
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.3
Has patch:
No
Complexity:

Description

Notice: Undefined offset: 1 in /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php on line 433 
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'The parameter "name" passed to the Cookie constructor must be a valid token as per RFC 2616, Section 2.2.' in /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Cookie.php:105 
Stack trace: #0 /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(434): TYPO3\Flow\Http\Cookie->__construct('', '') 
#1 /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(128): TYPO3\Flow\Http\Headers->setCookiesFromRawHeader('') 
#2 /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(54): TYPO3\Flow\Http\Headers->set('Cookie', '') 
#3 /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(81): TYPO3\Flow\Http\Headers->__construct(Array) 
#4 /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Request.php(75): TYPO3\Flow\Http\He in /.../_flow/FLOW-2.0/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Cookie.php on line 105

Occurance: after updating application on test-server (ftp, sql-dump) and running flow:cache:flush
Direct cause: unknown

Related Infos: Apart from the session-id, the application saves one extra cookie with a lifetime of +1 year. Manually deleting this cookie in the browser lets the application to run without error again.

#1

Updated by Robert Lemke over 8 years ago

  • Target version set to 2.0.1
#2

Updated by Bernd Helbig over 8 years ago

Heres another cause that triggers the same problem, now on beta3

In Firefox 17.0.6-esr on ubuntu x64 the problem can be replicated easily by opening Firebug 1.11.3 and refreshing the page.
Closing the Firebug panel causes the site to work again.

Notice: Undefined offset: 1 in  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php  on line 433  
Fatal error: Uncaught exception 'InvalidArgumentException' with message  'The parameter "name" passed to the Cookie constructor must be a valid  token as per RFC 2616, Section 2.2.' in  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Cookie.php:105 
Stack  trace: 
#0  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(434):  TYPO3\Flow\Http\Cookie->__construct('', '') 
#1  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(128):  TYPO3\Flow\Http\Headers->setCookiesFromRawHeader('') 
#2  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(54):  TYPO3\Flow\Http\Headers->set('Cookie', '') 
#3  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Headers.php(81):  TYPO3\Flow\Http\Headers->__construct(Array) 
#4  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http  in  /.../_flow/FLOW-2.0-beta3/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/Cookie.php  on line 105 
#3

Updated by Bastian Waidelich over 8 years ago

We had other reports (in the #typo3-flow IRC channel) reporting this bug when hosting Neos on the same domain as other tools (in this case the axigen webmailer, see http://pastebin.com/p0JwCKXk).
I'm not sure how important it is to strictly follow RFC 2616 for the cookie names and how to deal with "legacy" names. Probably there is no great harm in accepting them, too

#4

Updated by Bernd Helbig over 8 years ago

In our case, we have nothing else running on the server yet.
The cookie in question in the form of "abc_lang" and should be well within RFC specs.

#5

Updated by Sebastian Müller over 7 years ago

We had the same error. The Problem was a trailing ; in the cookie. After removing it, flow works again.

If you are using varnish:
We are using varnish and removed cookies before sending request to backend. We removed some cookies but also have to remove the may occuring trailing ;.
set req.http.Cookie = regsuball(req.http.Cookie, "; *$", "\1");

#6

Updated by Adrian Föder over 7 years ago

  • Status changed from New to Accepted
  • Assignee set to Bastian Waidelich
  • Target version deleted (2.0.1)

a must have IMO, too.
We have (sorry for that: a Joomla) on the same domain, and when plucked its Cookie and visiting Flow/Neos, that too restrictive exception occurs.

I would wrap it in a try {} catch (\InvalidArgumentException); but where? And, since everything involved is Proxy(false), we cannot log the exception :(

Bastian, what would you suggest; I'd gladly implement it.

#7

Updated by Adrian Föder over 7 years ago

addendum: the evil cookie names in questions are (both)

  • fboard_settings[current_view]
  • fboard_settings[member_id]

...for example.

#8

Updated by Adrian Föder over 7 years ago

I see the problem in just catching the exception silently because there may be use cases where an exception is wanted.
What do you think about something like a "graceful" state of the Http Request and everything involved? I am not sure about this, this might quickly become hacky...

...and one more update, seems like PHP itself is not fully blameless for this, see http://www.php.net/manual/en/function.setcookie.php `Example #3 setcookie() and arrays`: it encourages the use of stuff like setcookie("cookie[three]", "cookiethree"); which is obviously not RFC compliant.

#9

Updated by Bastian Waidelich almost 7 years ago

  • Status changed from Accepted to New
  • Assignee deleted (Bastian Waidelich)

I still agree that this is an important issue but in order to prevent this from lingering on in limbo I unassign myself for now so no-one feels blocked to push a patch ;)

Also available in: Atom PDF