How can Tomcat's cookies with quoted values be read correctly in ASP?

Question

We have a site which integrates Java web apps under Tomcat with ASP pages, including sharing information in cookies in the traditional ASP key/value format:

Cookie: foo=a=b&c=d; ...

As of Tomcat 5.5.26, cookie handling has been altered slightly, with the effect that our cookie value is now enclosed in quotes, which wasn't the case before:

Cookie: foo="a=b&c=d"; ...

However, we have ASP code that also reads this cookie, and which expects the values in it to be parseable thus:

Response.Write("["+Request.Cookies("foo")("c")+"]");

This now fails to return the expected result:

[d"]

I have read about the use of:

javax.servlet.http.Cookie#setVersion(int)

to modify this behaviour but it doesn't seem to be what is needed here. I am aware that the quoted value is more "correct", but try telling ASP that... Is there any trick I have missed about getting ASP (or Tomcat) to play nice? TIA as always.

Answer 1

Quoted cookies correnspond to cookie version > 1 or 2 Non-quoted cookies are valid for cookie version 0

If you have a look at the very interesting discussion over at tomcats bugzilla: https://issues.apache.org/bugzilla/show_bug.cgi?id=44679 there seem to be multiple ways to tune tomcats cookie behaviour.

If you have control about tomcat setting the cookies then this would be the way to switch to non quoted cookies:

Cookie cookie = new Cookie(COOKIENAME,COOKIEVALUE);
cookie.setVersion(0);

This cookie will be be saved unquoted but will also restrict you to a smaller char-set and additional rules like not having any leading/trailing spaces.