On Mar 4, 2013, at 11:17 AM, Wendy Verrrei-Berenback <email@example.com> wrote:
Disallowed Key Characters: pspw1-8520-PORTAL-PSJSESSIONID
using Firefox 19
The Events Calendar code utilizes a “software framework” (viz.http://en.wikipedia.org/wiki/Software_framework ) called CodeIgnitor. When processing any sort of input (URL, form input via GET or POST, or cookies), CodeIgnitor tries to “sanitize” the input to remove or exclude any data that may be malicious in nature.
In particular, CodeIgnitor goes through every cookie set by ANY application in the uvm.edu domain. Why? Because it can, and cookies are only identified by hostname (catalyst.uvm.edu) or domain name (uvm.edu), not by the application that deposited them. This is a bit of overkill, as we have a lot of applications. CodeIgnitor took exception to any cookie whose name was NOT constructed solely of the characters a through z, A to Z, 0 to 9, “:”, “_”. and “/” .
Any UVM application using WebAuth — like the mediamanager, was producing a key named
Sorry, “@”, and “.” disallowed, outside the above set.
I locally extended the CodeIgnitor core Input class to accept “@”, “-“, and “.” when examining cookies (But not when sanitizing URLs or form input). This error should trouble us no more.