Problem: Cookie Handling in MVC Server is Case sensitive

itSDS · 2015-06-25 13:27:08

Hi AB, since 3 Days we riddle about a Problem saving Session Data (Login) in a Cookie.

(You can use MVCServer (Sample30)) to reproduce !
Let me explain the Problem with Sample 30

Use this test - URL:

http://localhost:8092/Blog/default (BIG Blog )
http://localhost:8092/blog/default (little blog )
and try to login

Cookie is successfully saved with CurrentSession.Initialize (...
In Browser we can see Cookie Data is registered to /blog <-- lowercase

      CurrentSession.Initialize(@SessionInfo,TypeInfo(TCookieData));
      GotoDefault(result);

If you call

  if (CurrentSession.CheckAndRetrieve(@SessionInfo,TypeInfo(TCookieData))=0) or

then if URL is /Blog the Cookie is not loaded
else if you call URL with /blog it is loaded
The retrieval of stored Cookie is case sensitive.

Can you fix it ?

Last edited by itSDS (2015-06-25 13:39:27)

itSDS · 2015-06-26 09:50:07

The Main Problem is that url are case insensitive, you can enter the url as you want: Blog, bLog, BLOG, ...
But the Login only works with blog in lowercase.

Last edited by itSDS (2015-06-26 09:56:24)

ab · 2015-06-26 10:17:08

Please try http://synopse.info/fossil/info/44573a4191

itSDS · 2015-06-26 12:30:22

Hi AB - i testet it and it works.

BUT... we have 3 MVC-Server in one Service. 2 of them with login. Now all the Cookies are stored in "\".
I think it makes no Problem except a little more traffic cause now all Cookie Data from each MVC - Application is transfered.

Hopefully you understand me...

ab · 2015-06-26 13:21:15

I did not find any other way of implementing it.

The Path= element of the cookie definition is case sensitive, AFAIK.
So I defined Path=/ to include all sub-URIs...

But all cookies would be transmitted for all those sub-URIs, now!

If you see any other implementation pattern, feel free to share...

itSDS · 2015-06-26 13:44:56

is it possible to generally convert the Path to lowercase in all places where it is used ?
I don't know exactly where in the source to change this.

ab · 2015-06-26 13:50:57

The problem is on the browser side.

Cookies path is case-sensitive on the browser side, not on the server side!
If they are stored with Path=/root then the browser won't transmit them with a path like /Root/...

Perhaps the only simple possibility may be to redirect any /ROoT/anything to plain /root/anything using HTTP 301 code - see https://en.wikipedia.org/wiki/HTTP_301

itSDS · 2015-06-27 06:43:56

You are right redirecting Sems to be the Common way
Will Youmsi implement it ?

Last edited by itSDS (2015-06-27 06:44:12)

ab · 2015-06-27 10:00:22

I've added the new TSQLHttpServer.RedirectServerRootUriForExactCase property to fix URIs on the fly for case sensitivity.
See http://synopse.info/fossil/info/39852c7b6e

Feedback is welcome!

itSDS · 2021-05-05 08:47:54

Hi Arnaud, late feedback.
I testet it now and there is a little change i made to the Option:

In Line 927 of MORMotHttpServer i added a '/' slash in front of the serv.model.root, because else there's a kind of recursion generting wrong url (It repeats the serv.Model.Root serveral Times)

    if fRedirectServerRootUriForExactCase and (match=rmMatchWithCaseChange) then begin
      // force redirection to exact Server.Model.Root case sensitivity
      call.OutStatus := HTTP_TEMPORARYREDIRECT;
      call.OutHead := 'Location: /'+serv.Model.Root+                                /// <<<---- SLASH ADDED !
        copy(call.Url,length(serv.Model.Root)+1,maxInt);
    end else begin

sakura · 2021-05-05 08:58:35

itSDS wrote:

Hi Arnaud, late feedback.

Wow :-D
6 years is late, glad you still use the same framework, shows again how awesome that is!

itSDS · 2021-05-05 11:24:34

Yes i like it

I applied the same Patch to mORMot V2. (mormot.rest.http.server.pas - Line 1010)

ab · 2021-05-05 16:41:12

I applied the patch to both mORMOt 1 and 2.

Thanks for the feedback!
Better late than never...

mORMot Open Source

#1 2015-06-25 13:27:08

Problem: Cookie Handling in MVC Server is Case sensitive

#2 2015-06-26 09:50:07

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#3 2015-06-26 10:17:08

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#4 2015-06-26 12:30:22

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#5 2015-06-26 13:21:15

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#6 2015-06-26 13:44:56

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#7 2015-06-26 13:50:57

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#8 2015-06-27 06:43:56

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#9 2015-06-27 10:00:22

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#10 2021-05-05 08:47:54

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#11 2021-05-05 08:58:35

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#12 2021-05-05 11:24:34

Re: Problem: Cookie Handling in MVC Server is Case sensitive

#13 2021-05-05 16:41:12

Re: Problem: Cookie Handling in MVC Server is Case sensitive

Board footer