All geek questions in one place

Check tomcat cookie domain

I am using tomcat 8.0.21 with the new cookie processor Rfc6265. If there are cookies starting with a period, I get the following error:

java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:180) org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:122) org.apache.catalina.connector.Response.generateCookieString(Response.java:959) org.apache.catalina.connector.Response.addCookie(Response.java:907) org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:392) org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.java:70) com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServlet.java:104)

Is there any way to prevent this cat from throwing tomcat?

+6
source share
3 answers

I am using the new version of Tomcat 8 (from this October last year), and after adding a line to use the old cookie processor, it works fine. At ${catalina.base}conf/context.xml :

 <Context> <!-- Default set of monitored resources. If one of these changes, the --> <!-- web application will be reloaded. --> <WatchedResource>WEB-INF/web.xml</WatchedResource> <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource> <!-- Uncomment this to disable session persistence across Tomcat restarts --> <!-- <Manager pathname="" /> --> <!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) --> <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

Hope this could be your case. Just set this CookieProcessor and your implementation will work just like in previous versions of Tomcat 8.

+7
source

With the new cookie processor on Tomcat 8, your cookie domain should start with a number or letter. Retrieving the leading point should get rid of this error.

Instead, try changing it to dot.db-app.de or completely giving it a new name.

+4
source

You can return Tomcat behavior by specifying an inherited cookie processor in the context.xml file.

See Apache Tomcat 8 Configuration Link: Cookie Processor Component

+2
source

Source: https://habr.com/ru/post/985069/

More articles:


All Articles