tracker issue : CF-3715101

select a category, or use search below
(searches all categories and all time range)

ColdFusion 10 cannot read the cookie value with = character

| View in Tracker

Status/Resolution/Reason: Closed/Won't Fix/Workaround

Reporter/Name(from Bugbase): Sanjeev Krishna / Sanjeev Krishna (Sanjeev MANDALAPU)

Created: 02/28/2014

Components: Core Runtime

Versions: 10.0

Failure Type:

Found In Build/Fixed In Build: Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

Problem Description:

ColdFusion is not reading the cookie value properly if the value contains any special characters

Steps to Reproduce:


<cfheader name="Set-Cookie" value="c1=m.e.r(12)=1;path=/;HTTPOnly">
<cfheader name="Set-Cookie" value="c2=m.e.r(12)=2;path=/;HTTPOnly">
<cfheader name="Set-Cookie" value="c3=m.e.r=1;path=/;HTTPOnly">
<cfheader name="Set-Cookie" value="c4=m.e.r=2;path=/;HTTPOnly">

<cfdump var="#cookie#" />

Actual Result:

name "c1" with value m.e.r
name "c2" with value m.e.r
name "c3" with value m.e.r
name "c4" with value m.e.r

Expected Result:

cookie - 

name "c1" with value m.e.r(12)=1
name "c2" with value m.e.r(12)=2
name "c3" with value m.e.r=1
name "c4" with value m.e.r=2

Any Workarounds:

Using GetHttpRequestData().headers.cookie is giving the proper information. But this is highly unreliable.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3715101

External Customer Info:
External Company:  
External Customer Name: Sanjeev MANDALAPU
External Customer Email:  
External Test Config: My Hardware and Environment details:

ColdFusion 10u11 64bit, IIS as web server and running on a Win 2k8 R2.



This is effecting our CRM tracking data and costing us a lot of money in lost advertising leads
Comment by External U.
13133 | February 28, 2014 03:27:28 AM GMT
Equals sign is a special character in cookie value. In order to use equals value in the cookie the value should be either wrapped in double quotes or use url encoding method. If you want to use cfheader for creating the cookie encode the value part and decode it while using. Instead of cfheader use cfcookie which wraps the cookie value around quotes which allows special characters such as = according to cookie spec. If we don't have control over cookie creation, tomcat provides a system property to allow equals character in cookie value. Set the java system property -Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true in jvm.config to allow equals characters in an unquoted cookie value. check out system properties of tomcat at
Comment by S V.
13134 | May 06, 2014 05:47:43 AM GMT
Pavan has given a workaround in the previous comment and so closing the bug as NeverFix->WorkAround.
Comment by Suchika S.
13135 | December 05, 2014 04:03:16 AM GMT