Cookie.setPath Inconsistent with RFC 2109

My reading indicates that Java EE imposes an additional restriction beyond that in RFC 2109 on setting Cookies. That does not make policy sense. Am I interpreting the specification correctly? If so, should the Java EE part be changed?
From Java EE 5 documentation for Cookie.setPath(.)

    public void setPath(String uri)
    Specifies a path for the cookie to which the client should return the cookie.
    The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories. A cookie's path must include the servlet that set the cookie, for example, /catalog, which makes the cookie visible to all directories on the server under /catalog.
    Consult RFC 2109 (available on the Internet) for more information on setting path names for cookies.

From RFC 2109: http://www.ietf.org/rfc/rfc2109.txt

    4.3.2 Rejecting Cookies
    To prevent possible security or privacy violations, a user agent
    rejects a cookie (shall not store its information) if any of the
    following is true:
    * The value for the Path attribute is not a prefix of the request-URI.
    * The value for the Domain attribute contains no embedded dots or
      does not start with a dot.
    * The value for the request-host does not domain-match the Domain
      attribute.
    * The request-host is a FQDN (not IP address) and has the form HD,
      where D is the value of the Domain attribute, and H is a string
      that contains one or more dots.
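
The RFC 2109 section 4.3.2 checks quoted in the post above, written out as a user-agent-side function; this is an added example, not code from the post, from Java EE or from any browser. The host names and paths are constructed, and the `domain_match` helper follows RFC 2109's own definition of that term, which the post does not quote.

```python
import ipaddress


def is_ip(host):
    """True when host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """Domain-match as RFC 2109 defines it: the strings are equal, or host is a
    name of the form N + domain where domain starts with a dot and N is
    non-empty (x.y.com domain-matches .y.com but not y.com)."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return (not is_ip(host) and domain.startswith(".")
            and host.endswith(domain) and len(host) > len(domain))


def first_violation(request_host, request_uri, path=None, domain=None):
    """Return the first 4.3.2 rule, in the order quoted above, that makes a user
    agent reject the cookie, or None if the cookie would be stored.
    path=None or domain=None means the attribute was absent from Set-Cookie."""
    # Rule 1: Path must be a literal, case-sensitive prefix of the request-URI.
    if path is not None and not request_uri.startswith(path):
        return "path-not-prefix"
    if domain is None:
        return None
    host, dom = request_host.lower(), domain.lower()
    # Rule 2: Domain must start with a dot and contain an embedded dot.
    if not dom.startswith(".") or "." not in dom.strip("."):
        return "domain-syntax"
    # Rule 3: the request-host must domain-match the Domain attribute.
    if not domain_match(host, dom):
        return "no-domain-match"
    # Rule 4: a named host of the form H + D is rejected when H contains a dot.
    if not is_ip(host) and "." in host[: -len(dom)]:
        return "host-prefix-has-dots"
    return None


# Constructed requests: (request-host, request-URI, Path, Domain).
SAMPLES = [
    ("shop.example.com", "/catalog/servlet/cart", "/catalog", None),
    ("shop.example.com", "/catalog/servlet/cart", "/account", None),
    ("shop.example.com", "/catalog/servlet/cart", "/catalog", "example.com"),
    ("a.b.example.com", "/catalog/servlet/cart", "/catalog", ".example.com"),
]

if __name__ == "__main__":
    for host, uri, path, domain in SAMPLES:
        verdict = first_violation(host, uri, path, domain) or "stored"
        print(f"{host}{uri} Path={path} Domain={domain}: {verdict}")
```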

You can provide feedback to Apple here >  Apple - Safari - Feedback

Similar Messages

  • Regarding Safari cookie size problem (RFC 2109)

    Latest Safari versions do not comply with RFC 2109 regarding cookies size.
    RFC 2109 6.3  Implementation Limits
       Practical user agent implementations have limits on the number and
       size of cookies that they can store.  In general, user agents' cookie
       support should have no fixed limits.  They should strive to store as
       many frequently-used cookies as possible.  Furthermore, general-use
       user agents should provide each of the following minimum capabilities
       individually, although not necessarily simultaneously:
          * at least 300 cookies
          * at least 4096 bytes per cookie (as measured by the size of the
            characters that comprise the cookie non-terminal in the syntax
            description of the Set-Cookie header)
          * at least 20 cookies per unique host or domain name
       User agents created for specific purposes or for limited-capacity
       devices should provide at least 20 cookies of 4096 bytes, to ensure
       that the user can interact with a session-based origin server.
    Latest Safari violates this RFC and has 4 KB limit on total size of all cookies for each domain.
    It causes severe problems with many Web Applications including Web Applications which use Microsoft SAML2 federated security.
    Safari must support up to 20 cookies per domain and each cookie must be at least 4096 bytes long.
    Where can I get a fix for Safari?
    This was tested with Safari for MS Windows, but people reported same problem for many other platforms.

    You can provide feedback to Apple here >  Apple - Safari - Feedback

  • [svn:bz-trunk] 8308: Bug: BLZ-311 - non-RFC 2109 compliant Cookies are ignored due to default HTTPClient CookiePolicy

    Revision: 8308
    Author:   [email protected]
    Date:     2009-06-26 08:26:58 -0700 (Fri, 26 Jun 2009)
    Log Message:
    Bug: BLZ-311 - non-RFC 2109 compliant Cookies are ignored due to default HTTPClient CookiePolicy
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: Added a cookie-policy configuration parameter to control the policy used by the HTTPClient in proxy service.
    Ticket Links:
        http://bugs.adobe.com/jira/browse/BLZ-311
    Modified Paths:
        blazeds/trunk/modules/proxy/src/flex/messaging/services/http/HTTPConnectionManagerSettings.java
        blazeds/trunk/modules/proxy/src/flex/messaging/services/http/HTTPProxyAdapter.java
        blazeds/trunk/resources/config/proxy-config.xml

  • Product version inconsistent with software components

    Hi,
    after upgrading our sandbox from 4.6C to ERP 6.0 EHP4 SP06 I've changed the product assignment in SMSY and fetched the new data using "Read System Data Remote". Now there are two problems:
    1.) Read System Data Remote shows error message S:032:000 trying to fetch data using RFC. No more explanations or long text. Although data has been read and updated and RFC test connection is ok.
    2.) The related system shows exclamation mark "Product version inconsistent with software components". The product version is SAP ERP 6.0, Product Instance is SAP ECC Server.  Now I tried "Change Product Assignment" and "Clean-Up Inconsistencies".  This results in a list of "Inconsistent Database Assignments" like "Product: SAP ERP" and "Product Instance: SAP SRM-Server". Nothing I can change here. I'm confused as I haven't defined SAP SRM-Server anywhere just SAP ECC-Server.
    Any ideas about 1.) or 2.)
    It seems to me that Solution Manager doesn't make life easier in the first.
    Thanks.

    Miguel,
    I have checked note 1165438 but can't see how this should help. The technical usage is correct and there is only one specified which is ECC / Central Applications. Still SMSY complains about SAP SRM-Server and more.
    Let me say that the system was defined as 4.6C before the upgrade and that we used Solution Manager to download all required packages for ERP 6.0 EHP4 SP06 which worked fine. The problem is as said before that after changing the product version to ERP 6.0 there are inconsistencies shown on the product assignment page (inconsistent database assignment) for SAP SRM-Server, SRM-Catalog, cProject Suite, Workforce Management, E-Recruiting, NW-Business Intelligence, NW-Process Integration, SEM, SRM-Server ECC AddOn, SRM Catalog Content, NW Mobile Infrastructure, FSCM-FSCM Server (ABAP), Application Platform-IPC and Learning Sol-Frontend ABAP. Never heard about them nor specified them anywhere.

  • Order not getting saved with RFC user

    Hi CRM experts,
    We have custom report to update payment card details in CRM order. For an error order when I try to update the card details in CRM it successfully deactivates the "Contains Error(I1030)" status and saves the order.
    Whereas the same error order when I try to update the card details through external system, the user is RFC user, the program does not deactivate the status I1030 and the order gets saved with error.
    Initially I thought it is an authorization issue with RFC user, so I tried applying SAP_ALL access to RFC user but it did not work.
    Kindly suggest the possible solution.
    Thanks in advance
    Meenu.

    Hi Meenu,
    The standard one order framework works in such a way that when any changes to any object like PARTNER , HEADER , ITEMS , CARDS etc take place, then after changes done, the system checks for any inconsistency for that particular object and displays error messages accordingly.
    At the next change, the check runs again and the messages are removed. The checks are run through the standard event framework of BEFORE and AFTER. So in case the error messages are not getting removed, it means that these events are not getting triggered properly. I think that you are using individual FM for changing the details which could be something like CRM*CARD*MAINTAIN*OW*, you can try using CRM_ORDER_MAINTAIN, as this FM triggers all events correctly.
    /Hasan

  • Invalid_jobdata when submitting job with rfc user

    Hi,
    I've created a function module in the erp system to remotely trigger a report program by a bw process chain.
    When running in the foreground it works fine, but the runtime is so long that I want it as a background job.
    So I call job_open, job_submit, job_close in the function module. When I test the function module in the erp system with my dev user it opens a new job, adds a step and releases correctly. It also runs fine if I intercept it in the debugger and change sy-uname to aleremote (the standard rfc user).
    It does not work when it's actually called rfc from the bw system. The job is opened, but job_submit throws invalid_jobdata.
    Could this have anything to do with rfc or the executing user (which is of type SYSTEM)?

    I've caught the exception so there is no dump, but I'm unable to determine why the function module job_submit gives invalid_jobdata only when the executing user is the aleremote user and only when the call originated (the call to my module) from a remote system (the module job_submit is called locally thru my module). Authorization for the user is sap_all, but I was wondering maybe the user type system could be a problem?

  • Connection between SAP R/3 and SAP XI with RFC

    Hi Experts,
    I am beginner in SAP XI.
    We are using SAP XI 3.0 SP 9 and SAP R/3 4.6 C
    I am trying to validate a connection between SAP R/3 and SAP XI with RFC.
    I followed all the weblogs, and I did exactly the same way, but I am unsuccessful...
    Schema not available Exception
    com.sap.aii.af.service.cpa.CPAException: Schema not available for RFC|3b787a8035c111d6bbe0efe50a1145a5|http://sap.com/xi/XI/System.
    at com.sap.aii.af.service.cpa.impl.cache.directory.DirectoryDataSAXHandler.endElement(DirectoryDataSAXHandler.java:262)
    at com.sap.engine.lib.xml.parser.handlers.SAXDocHandler.endElement(SAXDocHandler.java:154)
    at com.sap.engine.lib.xml.parser.XMLParser.scanEndTag(XMLParser.java:1826)
    at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1722)
    at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2298)
    at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1719)
    at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2701)
    at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:162)
    at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:126)
    at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:136)
    at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:209)
    at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:270)
    at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:331)
    at com.sap.engine.lib.xml.parser.SAXParser.parse(SAXParser.java:125)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:143)
    at com.sap.aii.af.service.cpa.impl.cache.directory.DirectoryDataParser.updateCentralCache(DirectoryDataParser.java:54)
    at com.sap.aii.af.service.cpa.impl.cache.CacheManager.updateCacheWithDirectoryData(CacheManager.java:713)
    at com.sap.aii.af.service.cpa.impl.cache.CacheManager.performCacheUpdate(CacheManager.java:595)
    at com.sap.aii.af.service.cpa.impl.cache.CacheManager$CacheUpdateRunnable.run(CacheManager.java:440)
    at com.sap.engine.frame.core.thread.Task.run(Task.java:60)
    at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:73)
    at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:145)
    Please help me out on this
    Thanks in advance
    Raju

    hi,
    try refreshing your CPA cache:
    741214 (check this note)
    and check if the refresh was successful
    (CPA history)
    Regards,
    michal

  • Indexes: Inconsistent with DDIC source

    Hi, I have an issue in the DB02, I have a message that some index is missing, when I check the SE14 I see the error
    Database object for /BI0/E0BPM_C01 is inconsistent: (Secondary indexes)
    and Indexes: Inconsistent with DDIC source
    on the database the index exists, but in the Dictionary it does not exist
    with the TX SE14 I try to "activate and adjust database" with Save data but the issue still continues
    any idea or support is welcome
    regards

    when I try to create an index with the TX SE11 I can't
    I obtain the message "Index ID 0 is reserved for the primary index"
    regards

  • RFC Function Module - Message Reference parameters are not allowed with RFC

    Hi,
    I’ve checked the Remote-Enabled Module radio button, declared Import and Export parameters using ‘Type’ typing and checked the ‘Pass Value’ in export and import parameters but I still receive message ‘Reference parameters are not allowed with RFC’ and not able to activate the function module.
    Am I missing something?
    Regards,
    ...Naddy

    Hi all,
    I faced the same problem and solved it.
    You have defined a reference parameter for a remotely called
    function module. However, only value parameters are allowed
    for this type of module.
    Procedure
    Change the reference parameter to a value parameter.
    Guys, please don't leave the thread unanswered when you have solved the problem; post the solution, it might be useful for others also.
    Regards
    Krishna Acharya

  • Problem in XI with RFC Comunications

    HI Gurus
    I try to configure a synchronous scenario with RFC but when I send the message the system shows me the next error:
    " <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!-- Inbound Message
    -->
    - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Category>XIAdapterFramework</SAP:Category>
    <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
    <SAP:P1 />
    <SAP:P2 />
    <SAP:P3 />
    <SAP:P4 />
    <SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: Exception in method process.</SAP:AdditionalText> <SAP:ApplicationFaultMessage namespace="" />
    <SAP:Stack />
    <SAP:Retry>M</SAP:Retry>
    </SAP:Error>
    This same scenario when I do with proxies it's ok and doesn't show me any problems.
    Any idea for this issue???
    Thanks and Regards!!!

    looks like RFC response is not handled
    Check whether RFC is returning proper response in R/3 with the same payload of XI
    Rajesh

  • AUTO PO print out creates spool with RFC user.

    We have classic scenario where AUTO SRM PO print out spool is created with RFC user. While PO data is passing to R/3 is correct with correct user (created_by). Output is created on the name with RFC user not with user who created SRM SC & PO. BADI BBP_CREATE_PO_BACK will help?

    Hi Vishal,
    Welcome to SDN.
    Do they use custom PO SAPScript/Smartform?
    If they do, you may want to check the print program (custom one) and the custom PO form. Perhaps there is some logic to set/display with the european decimal notation.
    If they don't, you can also check the print program setting and do debugging (if necessary) to find out the logic to assign european decimal notation. 
    Hope this will help.
    Regards,
    Ferry Lianto
    Please reward point if helpful.

  • Inconsistency with document splitting

    Dear All,
    I have activated Document splitting option after posting few documents----open items. After document splitting is activated now I cannot clear those line items which were posted before document splitting was activated.
    Is there any way to remove this inconsistency with the old documents. Any program to be run...or any other solution.
    Please help to resolve the issue.
    Sap Frido.

    hi,
    Is there any program which removes this inconsistency. As we have program to run the inconsistency in withholding tax.
    Thanks and regards
    Sap frido

  • Parameter Mapping with RFC Callable Object not working

    Hi Folks
    Scenario
    I have a process scenario like this
    Interactive Form Callable Object A -triggers> Process [Interactive Form Callable Object B -> Interactive Form Callable Object C -> RFC Callable Object ]
    All the forms A, B, C use same form template, different sections of it lets say i, j and k are filled by different guys.
    Now my parameter mappings are as follows -
    a) Page level meeting between B & C called P Map.
    b) Process parameter mapping with Form A and appropriate section of P Map lets say section i
    c) fields of Form C are mapped to RFC callable object fields
    Problem
    The data filled in Form A [section i] disappears when I open and see the Form B.
    If I remove the mappings of fields of Form C with RFC callable object fields, I am able to see it.
    Has anyone faced it before!

    Hi,
    This is a known issue on SP10 and it will be fixed in the next patch for SP10.
    Hope this helps!
    Best regards,
    David

  • BAPI with RFC enables creation and mapping required settings

    Dear Experts,
    My client is having their old legacy system in .Net .
    Now their requirement is whenever they will create Vendor in their system that created vendor entry should be created automatically in SAP.
    I don't know about BAPI and RFC and how it will work.
    I will try to go up to the creation of BAPI with RFC enabled.
    But to map their requirement what Steps and Setting need to be done in SAP as well as in their Legacy system (.Net).
    Please guide me to solve the issue.
    Regards,
    Sanket.

    closed

  • IOS-XR 5.1.3 SP2 - %OS-RT_CHECK-3-INCONSISTENCY_DETECTED : ipv4-unicast detected inconsistency with

    I'm curious if anyone else has seen this message logged after an up/down grade to 5.1.3 w/ SP2
    %OS-RT_CHECK-3-INCONSISTENCY_DETECTED : ipv4-unicast detected inconsistency with 1 entries for scan-id N
    We were told by TAC this is a cosmetic issue only and not to worry.  However, the engineer inside me wants to know what the router is upset about and how to suppress the log message.  I'd also like to ask Cisco to create a cosmetic bug fix for 5.1.3 to resolve the log message if it is indeed truly cosmetic only in nature.
    Thanks!
    -ben

    hi Ben, the ddts is fixed in 52x forward. There is no smu planned for prior releases.
    you can schedule a periodic selective clear of the log buffer via:
    RP/0/RSP0/CPU0:A9K-BNG#clear log events delete [option] [field]
    the logging correlator, here is a little write up on that (copy/paste from my kb)
    XR nag Killer
    The short version  (i.e. here's the code to make it happen!)
    !! enter config mode...
    conf t
    !! this removes the correlator so you can edit it...
    no logging correlator apply rule kill-annoyances all-of-router
    !!! define the rule
    logging correlator rule kill-annoyances type nonstateful
      timeout 600000
    !!! this is the "root cause" one... make sure you pick something that happens frequently
      rootcause PLATFORM ENVMON FAN_FAIL
    !!! these are all the NON root cause events. this is what gets squashed along with the root cause.
    !!! add things here that you want squashed.
      nonrootcause
      alarm PLATFORM ENVMON FAN_CLEAR
      alarm PLATFORM ENVMON FANTRAY_FAIL
      alarm PLATFORM ENVMON ENV_CONDITION
      alarm PLATFORM ENVMON FANTRAY_CLEAR
    !!! timeouts are currently maxed at ten minutes... (smu anyone?)
      timeout-rootcause 600000
    !!! this re-applies the correlator
    logging correlator apply rule kill-annoyances all-of-router
    !!! now commit the thing
    commit
    !!! done...
    On a somewhat related note, if anyone is not already familiar with the
    "logging correlator" function -- it can be used to greatly reduce the
    amount of "noise" generated by all these various little things that are
    broken (like single fan tray systems!)
    An example config that I have on my box is as follows:
    logging correlator rule fan type nonstateful
      timeout 600000
      rootcause PLATFORM ENVMON FAN_FAIL
      nonrootcause
      alarm PLATFORM ENVMON FAN_CLEAR
      alarm PLATFORM ENVMON FANTRAY_FAIL
      alarm PLATFORM ENVMON ENV_CONDITION
      alarm PLATFORM ENVMON FANTRAY_CLEAR
      timeout-rootcause 600000
    logging correlator apply rule fan
      all-of-router
    Which essentially says the following:
    1) a message of format "PLATFORM-ENVMON-FAN_FAIL" is a 'root cause' event.
    the timeout for root cause events is set to 600000ms (ten minutes), so
    no matter how many of these events I see, I will only actually throw a
    syslog every ten minutes.
    2) underneath this 'root cause' event are a number of 'nonrootcause'
    events.  If I see any of these events within the timeout specified (again,
    ten minutes) of a 'root cause' I will also suppress these messages -- the
    theory here is that I already know the root cause and don't want to clutter
    myself up with all the side effects.    In reality we're just hacking the
    correlator to get rid of messages, but hey -- it works.  ;-)
    3) this particular "correlator rule" is applied to the whole router (you
    *can* do all sorts of funky stuff with where you apply it if you want).
    4) in real environments the idea is to have lots of different correlators
    for different events... but what I do is basically maintain a great big
    list of known syslog messages that I don't want to have splattering my
    screen, and the correlator gobbles them all up for me.
    Limitations:
    5) UPDATE: you can now set timeouts up to 7200000 seconds (LONG time...)
    6) the only really annoying part is that you have to unapply the rule
    before you can edit it... so the process is "unapply rule, commit, change
    rule, apply rule, commit" instead of just "change rule".  But hey, it's
    better than nothing.
    7) if you want to see the messages that got suppressed/correlated, use the
    "show logging correlator buffer all-in-buffer" command -- and sit back and
    be amazed at how much console bandwidth you've saved.  ;-)
    Hope people find this helpful...
    config example courtesy of LJ Wobker.
    xander
