Thursday, June 11, 2009

Testing cookies with wget

I noticed an odd behaviour on one of our websites, hosted by an external party: When cookies exceeded a certain length, our Plone site didn't get any cookies in the request.

An excellent way to find the point of failure here is to use wget in combination with a script which prints the cookies it gets. Create a file cookie.txt:
your.domain.com  FALSE  / FALSE 0 cookie_id "SomeCookieValue"

This file must be tab-separated! Wget will not display error messages if your cookie file is corrupt.

Next, run
wget -qO - --load-cookie cookie.txt http://your.domain.com/showCookies

where showCookies is a page that wil simply print the cookies it gets. (-O - sends output to terminal instead of file, q turns off other info.)

In my case, i used several cookie files: for each domain, a short cookie (8 chars value) and a long one (2000 characters). This way, i was able to determine that the current Debian/Ubuntu (Intrepid) Pound package (version 2.4.3) doesn't deal well with cookies: when cookie data exceeds about 500 bytes, the cookies aren't passed to the application. Hand-compiling version 2.4.4 remedies this.

Update: More info on limited cookie(s) size with Pound.

No comments: