Alex Crane | 17 Feb 19:48 2012
Picon

No '=' found for token starting at position

Using Grinder 3.7.1 I am getting the below in my logs it looks similar
to this issue http://sourceforge.net/tracker/index.php?func=detail&aid=2952023&group_id=18598&atid=118598.
Though that looks like it was fixed a while ago:

Thanks for any help.

2012-02-17 13:13:06,143 ERROR Sliver-4 thread-0 [ run-0 ]: Aborted
run: Java exception calling TestRunner
net.grinder.scriptengine.jython.JythonScriptExecutionException: Java
exception calling TestRunner
	File "C:\Users\ACrane\Projects\LoadTesting\obi11g\bin\.\Sliver-file-store\current\obi_login_test.py",
line 26, in __call__
java.net.ProtocolException: Bad Set-Cookie header:
ORA_BIPS_LBINFO=1358c8477c0;, ORA_BIPS_NQID=; path=/analytics;
httponly; expires=Thu, 01 Jan 1970 00:00:00 GMT, ORA_BIPS_NQID=;
path=/xmlpserver; httponly; expires=Thu, 01 Jan 1970 00:00:00 GMT,
ORA_BIPS_ATGKEY=; path=/analytics; httponly; expires=Thu, 01 Jan 1970
00:00:00 GMT
No '=' found for token starting at position 253
	at HTTPClient.Cookie.parse(Cookie.java:196) ~[grinder-httpclient-3.7.1.jar:na]
	at HTTPClient.CookieModule.handleCookie(CookieModule.java:472)
~[grinder-httpclient-3.7.1.jar:na]
	at HTTPClient.CookieModule.responsePhase1Handler(CookieModule.java:421)
~[grinder-httpclient-3.7.1.jar:na]
	at HTTPClient.HTTPResponse.handleResponse(HTTPResponse.java:745)
~[grinder-httpclient-3.7.1.jar:na]
	at HTTPClient.HTTPResponse.getData(HTTPResponse.java:510)
~[grinder-httpclient-3.7.1.jar:na]
	at net.grinder.plugin.http.HTTPRequest$AbstractRequest.getHTTPResponse(HTTPRequest.java:1265)
~[grinder-http-3.7.1.jar:na]
(Continue reading)

Paul Gerrard | 22 Jan 11:30 2013

Re: No '=' found for token starting at position

Hi, I just encountered this problem using Grinder 3.10 on a an ASP.NET site. Is there a fix or patch or workaround for this? Is it a bug in the application perhaps? It's causing me a lot of grief as I can't even log in to a site to test it. Under pressure :( Thanks for any hints, Paul.

View this message in context: Re: No '=' found for token starting at position
Sent from the Grinder - User mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Gary Mulder | 22 Jan 12:19 2013
Picon

Re: No '=' found for token starting at position

On 22 January 2013 10:30, Paul Gerrard <paul-UsCPzUDFQ7Eyzzc7d281tv7I7tHvgBF7@public.gmane.orgm> wrote:

Hi, I just encountered this problem using Grinder 3.10 on a an ASP.NET site. Is there a fix or patch or workaround for this? Is it a bug in the application perhaps? It's causing me a lot of grief as I can't even log in to a site to test it. Under pressure :( Thanks for any hints, Paul.

Look at the error:

java.net.ProtocolException: Bad Set-Cookie header:
ORA_BIPS_LBINFO=1358c8477c0;, ORA_BIPS_NQID=; path=/analytics; 
httponly; expires=Thu, 01 Jan 1970 00:00:00 GMT, ORA_BIPS_NQID=; 
path=/xmlpserver; httponly; expires=Thu, 01 Jan 1970 00:00:00 GMT, 
ORA_BIPS_ATGKEY=; path=/analytics; httponly; expires=Thu, 01 Jan 1970 
00:00:00 GMT 
No '=' found for token starting at position 253 

Count 253 chars into the cookie and see where you get to. I suspect the server is sending a bad cookie by not including '='. Maybe it is the 'httponly'?

Regards,
Gary

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 12:28 2013

Re: No '=' found for token starting at position

Yes, the header is wrong. There are two cookies, the second is named but
there's no '=value...' content for it.

I'll nobble the developers.

But should Grinder cope with this scenario like the browsers obviously do? I
note that Firefox and IE and tools like Fiddler just ignore the cookie
rather than set a value for it. Might be a more elegant outcome :O)

--
View this message in context: http://grinder.996249.n3.nabble.com/No-found-for-token-starting-at-position-tp6685p8214.html
Sent from the Grinder - User mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
Gary Mulder | 22 Jan 13:56 2013
Picon

Re: No '=' found for token starting at position

On 22 January 2013 11:28, Paul Gerrard <paul-UsCPzUDFQ7Eyzzc7d281tv7I7tHvgBF7@public.gmane.orgm> wrote:

Yes, the header is wrong. There are two cookies, the second is named but
there's no '=value...' content for it.

I'll nobble the developers.

But should Grinder cope with this scenario like the browsers obviously do? I
note that Firefox and IE and tools like Fiddler just ignore the cookie
rather than set a value for it. Might be a more elegant outcome :O)

Its a token parsing error, therefore the cookie handler would need explicit logic added to handle something that is likely not RFC compliant, at a guess. Your functional tests should have complained before you started your perf. testing!

Gary 
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 14:26 2013

Re: No '=' found for token starting at position

Thanks and understood. I’m on the case ;O)

 

Best regards,
Paul

 

Paul Gerrard
Principal, Gerrard Consulting
Web: www.gerrardconsulting.com

 


View this message in context: RE: No '=' found for token starting at position
Sent from the Grinder - User mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 15:00 2013

Re: No '=' found for token starting at position

Hi again,

The developers at this end assure me the 'secure' cookie attribute doesn't
require a value and it is treated in a similar way to the 'httponly'
attribute.

I checked and they seem to have a case. There's a reference here:
http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly 

The RFC for cookies mentions the secure attribute also. Do a search for
secure in this text - it seems to confirm it:
http://www.ietf.org/rfc/rfc2109.txt

Apparently, appending the attribute in an ASP.NET 2.0 website is a standard
site config setting to secure cookies under HTTPS.

Paul.

--
View this message in context: http://grinder.996249.n3.nabble.com/No-found-for-token-starting-at-position-tp6685p8217.html
Sent from the Grinder - User mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
Gary Mulder | 22 Jan 15:51 2013
Picon

Re: No '=' found for token starting at position

On 22 January 2013 14:00, Paul Gerrard <paul-UsCPzUDFQ7Eyzzc7d281tv7I7tHvgBF7@public.gmane.orgm> wrote:

Hi again,

The developers at this end assure me the 'secure' cookie attribute doesn't
require a value and it is treated in a similar way to the 'httponly'
attribute.

I checked and they seem to have a case. There's a reference here:
http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly

The RFC for cookies mentions the secure attribute also. Do a search for
secure in this text - it seems to confirm it:
http://www.ietf.org/rfc/rfc2109.txt

Apparently, appending the attribute in an ASP.NET 2.0 website is a standard
site config setting to secure cookies under HTTPS.

Paul.

In that case I stand corrected! Can't argue with an RFC (usually).

Given that the cookie handler is likely a 3rd party package and a patch will take some time unless you do it yourself, I'd then suggest then that you avoid using the provided cookie handlers. You could instead use the getHeader and listHeaders methods from your HTTPRequest object to manually obtain the cookie headers and then use Jython to parse them and extract the cookies you need.

Regards,
Gary
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 16:19 2013

Re: No '=' found for token starting at position

Ah. Thanks. Sorry - I'm not as fluent with Grinder as I'd like to be. I'm
assuming that:

1. I turn off cookie handlers:

HTTPPluginControl.getConnectionDefaults().useCookies = 0

2. Process every request/response pair with calls to 
 - getHeader() to get the header
 - some code to parse the header and create cookie objects
 - calls to CookieModule.addCookie(cookie, threadContext) to add cookies to
the next request.

Could I replace the cookie handlers with a new class for all requests or do
I need to handle all request separately? Eeek - could take some time.

Do you have any sample code I could cannibalise?

How long would a fix or patch take do you think? I've asked the techies at
this end to turn this feature off (after they've done their penetration
testing) so I can test it, but I don't know if I'll get that quickly.

--
View this message in context: http://grinder.996249.n3.nabble.com/No-found-for-token-starting-at-position-tp6685p8219.html
Sent from the Grinder - User mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
Gary Mulder | 22 Jan 16:48 2013
Picon

Re: No '=' found for token starting at position

Hi Paul,

I'm just trying to think of a quick hack to get your cookie handling working... no working sample code, sorry. The idea being that cookies are just one type of HTTP response header and HTTP request header, so you can manage the header(s) manually, rather than use Grinder's (broken) cookie handler.

You need to get a list of headers and then identify all the cookie headers. If you don't have to actually do anything with the cookies, can you then take the Set-cookie: header you're getting from the server and just send it back as a Cookie: header in the next HTTP request? That way you avoid any unpacking and re-packing.

If you do need to unpack and repack, use of the split() Jython in-built string function will make it relatively easy to split on ";" to get a Jython list of cookies. Iterate through the list to find and modify the cookies you need and then use the join() Jython in-built string function to zip the list of cookies back together again for sending back.

Regards,
Gary


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 17:10 2013

Re: No '=' found for token starting at position

Hi Gary,

 

Thanks for the response – much appreciated.

 

If I turn off the cookie handler as you say, I can simply extract the cookie headers and add them to the next call. I could definitely do that. I don’t need to do anything else with them.

 

I looked at the source code and I think the fix ought to go into Cookies.java – looks pretty simple – so I’m thinking I might try and apply a fix myself. I’m downloading maven etc. and I’ll nab the source and try it. If I can get that working in an hour or two, I’ll run with that. Famous last words.

 

I really appreciate your help on this – thank-you.

 

Best regards,
Paul

 

Paul Gerrard
Principal, Gerrard Consulting

Mob: +44 (0) 7940 547894
Tel: +44 (0)1628 639173
Mail:
[hidden email]
Web:
click here.
NAML


View this message in context: RE: No '=' found for token starting at position
Sent from the Grinder - User mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Philip Aston | 22 Jan 20:53 2013
Picon

Re: No '=' found for token starting at position

The problem with cookies is that they are under specified, and more a set of conventions.

There have been several hacks to the version of HTTPClient embedded by The Grinder to relax it to accept such cookies. E.g. check out the testDotNetOnlyNonsense() (:-)) unit test, it tests a cookie very similar to yours.

https://sourceforge.net/p/grinder/code/ci/81e898a28748f9aa722e765253df4df023611a4b/tree/grinder-http/src/test/java/HTTPClient/TestCookie.java#l107

There's a corresponding fix:

https://sourceforge.net/p/grinder/code/ci/81e898a28748f9aa722e765253df4df023611a4b/tree/grinder-httpclient/src/main/java/HTTPClient/Cookie.java#l157


So the problem is not "httponly", but the "ORA_BIPS_NQID=;" and "ORA_BIPS_ATGKEY=;" cookies. I don't understand why you think this is a "Secure" cookie? "Secure" is just an attribute of a cookie, like HttpOnly.

On face value I agree with Gary that its an application issue. Nevertheless, we can consider relaxing the parsing further (please open a bug for this).

In the meantime, I suggest you try hacking HTTPClient/Cookie.java yourself.

- Phi


On 22/01/13 16:10, Paul Gerrard wrote:

Hi Gary,

 

Thanks for the response – much appreciated.

 

If I turn off the cookie handler as you say, I can simply extract the cookie headers and add them to the next call. I could definitely do that. I don’t need to do anything else with them.

 

I looked at the source code and I think the fix ought to go into Cookies.java – looks pretty simple – so I’m thinking I might try and apply a fix myself. I’m downloading maven etc. and I’ll nab the source and try it. If I can get that working in an hour or two, I’ll run with that. Famous last words.

 

I really appreciate your help on this – thank-you.

 

Best regards,
Paul

 

Paul Gerrard
Principal, Gerrard Consulting

Mob: +44 (0) 7940 547894
Tel: +44 (0)1628 639173
Mail:
[hidden email]
Web:
click here.
NAML


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use
Paul Gerrard | 22 Jan 21:20 2013

Re: No '=' found for token starting at position

Hi,

Appreciate your comments (I'm a Linux developer nowadays). but Microsoft
have taken advantage of the RFC below which does mention it. The
explanations are on the Wikipedia site. I don't know who wrote it, but it's
consistent with the story of the .Net devs I'm dealing with.

I checked and they seem to have a case. There's a reference here: 
http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly  

The RFC for cookies mentions the secure attribute also. Do a search for
secure in this text - it seems to confirm it:
http://www.ietf.org/rfc/rfc2109.txt

The 'secure' flag is used by IE (at least) to prohibit a scripting language
from accessing the cookies in the context of the browser. They aren't
transmitted back to the server so should just be stripped out of the
headers. Apparently.
The problem with cookies is that they are under specified, and more a
set of conventions.

I'll have a bash at fixing the cookie.java code (although I'm no java
programmer) to get around this.

--
View this message in context: http://grinder.996249.n3.nabble.com/No-found-for-token-starting-at-position-tp6685p8223.html
Sent from the Grinder - User mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
Gary Mulder | 22 Jan 21:37 2013
Picon

Re: No '=' found for token starting at position


On 22 January 2013 20:20, Paul Gerrard <paul <at> gerrardconsulting.com> wrote:

I'll have a bash at fixing the cookie.java code (although I'm no java
programmer) to get around this.

If you're not doing anything with the cookies, it is probably quicker to hack a fix in Jython than reverse engineer code you're not familiar with. Getting test results is the objective. Clean up later... To paraphrase Douglas Adams:

I love (testing) deadlines. I like the whooshing sound they make as they fly by (developers).

Gary (whose favourite scripting strategy is TODO: )


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
grinder-use mailing list
grinder-use@...
https://lists.sourceforge.net/lists/listinfo/grinder-use

Gmane