[plt-scheme] Cookies to web servlet getting lost when __utmz cookie present

From: Nadeem Abdul Hamid (nadeem at acm.org)
Date: Fri Apr 30 00:05:08 EDT 2010

Hello all,

I've been experimenting with a simple servlet to drive my website, but am having a strange problem with cookies not getting through when a Google Analytics cookie (__utmz) is present in the browser's request to the servlet. I've included a step-by-step trace below, but briefly, here's the problem: Starting from an empty browser cache of cookies, I request a page from my servlet that sets a cookie; when I then request a page again, I see that the cookie is sent by the browser and received by the servlet. However, then I visit another web page on the same domain as my servlet, which sets a __utmz (apparently a Google Analytics cookie). After this cookie is set, when I request pages from my servlet, I see that the browser is sending all the cookies, but none are getting through to the servlet! If I clear the __utmz cookie from the browser, and then request pages from the servlet, the servlet receives the cookie again. 

So, I haven't peeked into the webserver code (no time yet), but the question is: is there some reason that the __utmz cookie (and not any other __utma, __utmc, cookies) seems to cause interference with all other cookies getting through to it?

Below are the steps that I take to replicate this problem, as well as snippets from my code. I added some terminal output to the servlet dispatch function that is passed to serve/servlet so that it displays the cookies it receives and the URL being requested before doing anything else.

I appreciate any help/insight. Thanks,

--- nadeem


**************************************************************
(Step 1) 
Browser request (sniffed using Wireshark):
   GET /~nhamid/teaching/ HTTP/1.1\r\n 
   (no cookies sent)

Servlet output:
   ()/~nhamid/teaching/


(Step 2) 
   request page that sets a cookie (and redirects to /~nhamid/teaching/course…)


(Step 3) 
Browser request:
   GET /~nhamid/teaching/course HTTP/1.1\r\n
   Cookie: teaching-order=course\r\n

Servlet output:
   ((teaching-order course #f #f))/~nhamid/teaching/course
(See the cookie is received.)


(Step 4) visit another page (www.berry.edu) -- sets __utmz (google analytics cookie) and a bunch of others, which I cleared out, except for the __utmz one.


(Step 5) 
Browser request:
   GET /~nhamid/teaching/ HTTP/1.1\r\n
   Cookie: teaching-order=course; __utmz=165257760.1272597702.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)\r\n

Servlet output:
   ()/~nhamid/teaching/
(Note: no cookies received at all!)


(Step 6) delete the __utmz cookie from the browser. This is the *only* thing I change.


(Step 7) 
Browser request:
   GET /~nhamid/teaching/ HTTP/1.1\r\n
   Cookie: teaching-order=course\r\n

Servlet output:
   ((teaching-order course #f #f))/~nhamid/teaching/
(Cookie is received again!)

**************************************************************

Scheme code:

(serve/servlet my-dispatch
               #:listen-ip #f
               #:launch-browser? #f
               #:servlet-path "/nhamid/index.ss"
               #:servlet-regexp #rx""
               #:extra-files-paths (list htdocs)
               #:stateless? false)

(define-values (web-dispatch web-url)
  (dispatch-rules
   [("~nhamid" "index.ss") render-home]
   [("~nhamid") render-home]
   [("~nhamid" "") render-home]
   [("~nhamid" "editlinks") render-editlinks]
   [("~nhamid" "teaching" "") render-teaching]
   [("~nhamid" "teaching" "semester") render-teaching-by-semester]
   [("~nhamid" "teaching" "course") render-teaching-by-course]
))

(define (display-cookies req)
  (let ([cookies (request-cookies req)])
    (display
    (map (lambda (c) (list (client-cookie-name  c)
                           (client-cookie-value c)
                           (client-cookie-domain c)
                           (client-cookie-path c)))
         cookies))))

;; my-dispatch : request -> response
(define (my-dispatch req)
  (display-cookies req)
  (display (string-append (url->string (request-uri req)) "\n"))
  (web-dispatch req))




Posted on the users mailing list.