Setting cookie in response

ankit_31 · April 12, 2019, 8:33am

return ok(auth.render()).as("text/html")
                .withCookies(Http.Cookie.builder("name", username).withMaxAge(Duration.ofSeconds(900)).build());

Why am I getting a 500 internal error on this line. How do we set the cookie in play framework 2.7. I get below error-

[error] a.a.ActorSystemImpl - Internal server error, sending 500 response
akka.http.impl.util.One2OneBidiFlow$OutputTruncationException: Inner flow was completed without producing result elements for 1 outstanding elements
    at akka.http.impl.util.One2OneBidiFlow$OutputTruncationException$.apply(One2OneBidiFlow.scala:22)
    at akka.http.impl.util.One2OneBidiFlow$OutputTruncationException$.apply(One2OneBidiFlow.scala:22)
    at akka.http.impl.util.One2OneBidiFlow$One2OneBidi$anon$1$anon$4.onUpstreamFinish(One2OneBidiFlow.scala:97)
    at akka.stream.impl.fusing.GraphInterpreter.processEvent(GraphInterpreter.scala:504)
    at akka.stream.impl.fusing.GraphInterpreter.execute(GraphInterpreter.scala:378)
    at akka.stream.impl.fusing.GraphInterpreterShell.runBatch(ActorGraphInterpreter.scala:588)
    at akka.stream.impl.fusing.GraphInterpreterShell$AsyncInput.execute(ActorGraphInterpreter.scala:472)
    at akka.stream.impl.fusing.GraphInterpreterShell.processEvent(ActorGraphInterpreter.scala:563)
    at akka.stream.impl.fusing.ActorGraphInterpreter.akka$stream$impl$fusing$ActorGraphInterpreter$processEvent(ActorGraphInterpreter.scala:745)
    at akka.stream.impl.fusing.ActorGraphInterpreter$anonfun$receive$1.applyOrElse(ActorGraphInterpreter.scala:760)

mkurz · April 12, 2019, 9:54am

If you remove withCookies(...) there is no exception?
Just

return ok(auth.render()).as("text/html");

?

ankit_31 · April 12, 2019, 10:09am

Yes . No issues when I run this. Only on adding cookie I am getting the error

mkurz · April 12, 2019, 1:30pm

I guess your username variable contains characters which Play by default considers to be invalid when used in a cookie value:

github.com

playframework/playframework/blob/c80acf3870867a6c7dc2f69a690165472dbd8350/core/play/src/main/java/play/core/cookie/encoding/CookieUtil.java#L50-L52


// cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
// US-ASCII characters excluding CTLs, whitespace, DQUOTE, comma, semicolon, and backslash
private static BitSet validCookieValueOctets() {

(Here are the values for the cookie name btw:)

github.com

playframework/playframework/blob/c80acf3870867a6c7dc2f69a690165472dbd8350/core/play/src/main/java/play/core/cookie/encoding/CookieUtil.java#L29-L34


// token = 1*<any CHAR except CTLs or separators>
// separators = "(" | ")" | "<" | ">" | "@"
// | "," | ";" | ":" | "\" | <">
// | "/" | "[" | "]" | "?" | "="
// | "{" | "}" | SP | HT
private static BitSet validCookieNameOctets() {

You have two options:

Make sure your username variable does not contain invalid characters.
In your application.conf set

play.http.cookies.strict = false

However, for the second option please read and be aware of this comment:

github.com

playframework/playframework/blob/c80acf3870867a6c7dc2f69a690165472dbd8350/core/play/src/main/resources/reference.conf#L127-L135


cookies = {


  # Whether strict cookie parsing should be used. If true, will ignore the entire cookie header if a single invalid
  # cookie is found, otherwise, will just ignore the invalid cookie if an invalid cookie is found. The reason
  # dropping the entire header may be useful is that browsers don't make any attempt to validate cookie values,
  # which may open opportunities for an attacker to trigger some edge case in the parser to steal cookie
  # information. By dropping the entire header, this makes it harder to exploit edge cases.
  strict = true
}

One more thing:
From the exception you posted it’s, of course, hard to tell what the problem is, because akka-http somehow swallows the underlying exception…
As a “workaround”, to see what’s going on, you can switch to the netty backend, which provides you the causing exception (here for example I used the invalid space character in the cookie value):

java.lang.IllegalArgumentException: Cookie value contains an invalid char:  
	at play.core.cookie.encoding.CookieEncoder.validateCookie(CookieEncoder.java:46)
	at play.core.cookie.encoding.ServerCookieEncoder.encode(ServerCookieEncoder.java:71)
	at play.api.mvc.CookieHeaderEncoding.$anonfun$encodeSetCookieHeader$1(Cookie.scala:249)
	at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:237)
	at scala.collection.immutable.List.foreach(List.scala:392)
	at scala.collection.TraversableLike.map(TraversableLike.scala:237)
	at scala.collection.TraversableLike.map$(TraversableLike.scala:230)
	at scala.collection.immutable.List.map(List.scala:298)
	at play.api.mvc.CookieHeaderEncoding.encodeSetCookieHeader(Cookie.scala:240)
	at play.api.mvc.CookieHeaderEncoding.encodeSetCookieHeader$(Cookie.scala:238)

ankit_31 · April 13, 2019, 1:03pm

This was it . Thanks a lot

Topic		Replies	Views
Metaspace problem play 2.7 Play Framework	6	2624	January 29, 2020
HTTP2 Chunked responses from asset files Play Framework	2	1115	August 17, 2018
Does Play 2.6.15 support java 9 and java 10 Play Framework	3	3643	June 11, 2018
Override "timely response" error page? Play Framework	7	713	May 18, 2018
Unable to Materialise Request Body in Action Filter Play Framework	10	2152	September 13, 2019

Setting cookie in response

Related Topics