[racket] Cookie Indigestion

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Thu May 19 00:53:16 EDT 2011

2011/5/18 J G Cho <gcho at fundingmatters.com>:
> Ha! All the error messages did seemed to end in blahblah=.
>
> (I am going to blame the cold I am recovering from for making me think
> that somehow {key:val} was used. Either that or I've been using too
> much JSON and forgot some things predate JSON like cookies and s-exp.)
>
> I have a question about the substring logic. It does not seem to look
> for = or \n but chops off the last 3. Am I to infer that that is the
> case for all the outcome of (bytes->string/utf-8 (base64-encode
> (HMAC-SHA1 ....?

Yup

>
> And thank you for your keen diagnosis as usual. And for the code as
> well. (Note to self: So that's what professional code looks like? I
> got a long way to go.)
>
> jGc
>
> On Wed, May 18, 2011 at 1:57 PM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
>> That's exactly the problem.
>>
>> Here's a fairly re-usable identifying cookie:
>>
>> https://github.com/jeapostrophe/m8b/blob/master/id-cookie.rkt
>>
>> Notice at the top I just get the substring of the BASE64.
>>
>> Jay
>>
>> 2011/5/18 Neil Van Dyke <neil at neilvandyke.org>:
>>> J G Cho wrote at 05/18/2011 04:23 AM:
>>>>
>>>> (define (make-digest s1 s2)
>>>>  (bytes->string/utf-8
>>>>  (base64-encode
>>>>   (HMAC-SHA1 (string->bytes/utf-8 s1)
>>>>              (string->bytes/utf-8 s2)))))
>>>>
>>>> I then use it to make a cookie like:
>>>>
>>>>  (define digest
>>>>    (make-digest "saltycracker" (string-append "time" time "id" "joseph")))
>>>>
>>>>  (define digest-cookie
>>>>    (make-cookie "digest" digest))
>>>>
>>>> Writing it out seems to go okay but when I try to read it back, I am
>>>> greeted with:
>>>>
>>>> lexer: No match found in input starting with:
>>>> "WFs1fa0jLTOXqiLG08EtBq1wNYI=
>>>>
>>>
>>> Is the problem that the BASE64 output contains "=" and newline characters,
>>> and that's getting into the HTTP header verbatim?
>>>
>>> If that's the problem, then probably you want to trim the "=" and newline
>>> characters from the string.  (You could re-encode, but that would be
>>> redundant, since the purpose of BASE64 is to encode bytes safely for
>>> transport.)
>>>
>>> --
>>> http://www.neilvandyke.org/
>>> _________________________________________________
>>>  For list-related administrative tasks:
>>>  http://lists.racket-lang.org/listinfo/users
>>>
>>
>>
>>
>> --
>> Jay McCarthy <jay at cs.byu.edu>
>> Assistant Professor / Brigham Young University
>> http://faculty.cs.byu.edu/~jay
>>
>> "The glory of God is Intelligence" - D&C 93
>>
>



-- 
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://faculty.cs.byu.edu/~jay

"The glory of God is Intelligence" - D&C 93



Posted on the users mailing list.