I use Spring Boot 1.4.4.RELEASE in my application, and my application has been deployed in AWS.
I am trying to have a subdomain for each user, like:
when user "test" logs in, the URL will be test.XXX.com
Here XXX.com is my domain name.
For XXX.com, it works fine.
I recently bought one more domain for testing like XXX-test.com.
But when a user logs in, I am getting the below exception.
java.lang.IllegalArgumentException: An invalid domain [.XXX-test.com] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:183)
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:125)
at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
at org.apache.catalina.connector.Response.addSessionCookieInternal(Response.java:959)
at org.apache.catalina.connector.Request.doGetSession(Request.java:3009)
at org.apache.catalina.connector.Request.getSession(Request.java:2367)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231)
at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.createNewSessionIfAllowed(HttpSessionSecurityContextRepository.java:427)
at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.saveContext(HttpSessionSecurityContextRepository.java:364)
at org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper.onResponseCommitted(SaveContextOnUpdateOrErrorResponseWrapper.java:85)
at org.springframework.security.web.util.OnCommittedResponseWrapper.doOnResponseCommitted(OnCommittedResponseWrapper.java:245)
at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:127)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:128)
at org.springframework.security.web.DefaultRedirectStrategy.sendRedirect(DefaultRedirectStrategy.java:57)
My Spring application.properties,
server.session.cookie.domain=.XXX-test.com
server.session.cookie.path=/
It works fine for other prod env with the below config.
server.session.cookie.domain=.XXX.com
server.session.cookie.path=/
Again, the prod config was deployed and tested a few months ago with Spring Boot version 1.3.5.
Has anything changed, or is anything missing here? Or is XXX-test.com an issue?
Thanks,
According to RFC 6265 (https://www.rfc-editor.org/rfc/rfc6265), starting with a . (dot) character may cause problems.
You could try to fall back to the LegacyCookieProcessor; see "How to change Cookie Processor to LegacyCookieProcessor in tomcat 8" for more info.
If you still have problems please inform us about your TC version.
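An added example, not part of the original question or answer and not Tomcat's own code: a stand-alone Java check that approximates the RFC 6265 section 4.1.1 server-side Domain grammar, run on the two domain values from the question plus constructed ones. The class and method names are hypothetical; it shows that in this check the leading dot, not the hyphen, is what fails, and that the value without the dot passes (user agents ignore a leading dot and still send a Domain cookie to subdomains).

```java
import java.util.regex.Pattern;

// Added example: approximates the RFC 6265 section 4.1.1 server-side rule
// (domain-value = <subdomain> per RFC 1034 / RFC 1123). Not Tomcat's code.
public class CookieDomainCheck {

    // One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1..63 chars.
    private static final Pattern LABEL =
            Pattern.compile("[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    /** Returns null if the value is acceptable, otherwise the reason it is not. */
    static String rejectReason(String domain) {
        if (domain == null || domain.isEmpty()) return "empty value";
        if (domain.length() > 253) return "longer than 253 characters";
        if (domain.startsWith(".")) return "leading dot";
        if (domain.endsWith(".")) return "trailing dot";
        // limit -1 keeps empty labels so "a..b" is caught
        for (String label : domain.split("\\.", -1)) {
            if (!LABEL.matcher(label).matches()) return "bad label '" + label + "'";
        }
        return null;
    }

    /** Drops one leading dot; RFC 6265 section 5.2.3 has user agents ignore it anyway. */
    static String normalize(String configured) {
        return configured.startsWith(".") ? configured.substring(1) : configured;
    }

    public static void main(String[] args) {
        // First two values are from the question (XXX is the asker's placeholder);
        // the remaining ones are constructed for illustration.
        String[] samples = { ".XXX-test.com", ".XXX.com", "XXX-test.com", "XXX..com", "-XXX.com" };
        for (String s : samples) {
            String reason = rejectReason(s);
            String fixed = normalize(s);
            System.out.printf("%-15s %-24s normalized=%s (%s)%n", s,
                    reason == null ? "ok" : "rejected: " + reason, fixed,
                    rejectReason(fixed) == null ? "ok" : "still rejected");
        }
    }
}
```

Applied to the question's configuration, the normalized value is what would go into server.session.cookie.domain, which keeps the stricter RFC 6265 processor in place instead of switching to the legacy one.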