
An invalid domain was specified for this cookie

I use Spring Boot 1.4.4.RELEASE in my application, and my application is deployed in AWS.

I am trying to have a subdomain for each user, like:

when user "test" logs in, the URL will be test.XXX.com

Here XXX.com is my domain name.

For XXX.com, it works fine.

I recently bought one more domain for testing, like XXX-test.com.

But when a user logs in, I am getting the below exception.

java.lang.IllegalArgumentException: An invalid domain [.XXX-test.com] was specified for this cookie
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:183)
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:125)
    at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
    at org.apache.catalina.connector.Response.addSessionCookieInternal(Response.java:959)
    at org.apache.catalina.connector.Request.doGetSession(Request.java:3009)
    at org.apache.catalina.connector.Request.getSession(Request.java:2367)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896)
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231)
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.createNewSessionIfAllowed(HttpSessionSecurityContextRepository.java:427)
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.saveContext(HttpSessionSecurityContextRepository.java:364)
    at org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper.onResponseCommitted(SaveContextOnUpdateOrErrorResponseWrapper.java:85)
    at org.springframework.security.web.util.OnCommittedResponseWrapper.doOnResponseCommitted(OnCommittedResponseWrapper.java:245)
    at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:127)
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
    at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:128)
    at org.springframework.security.web.DefaultRedirectStrategy.sendRedirect(DefaultRedirectStrategy.java:57)

My Spring application.properties,

server.session.cookie.domain=.XXX-test.com
server.session.cookie.path=/

It works fine for the other prod env with the below config.

server.session.cookie.domain=.XXX.com
server.session.cookie.path=/

Again, the prod config was deployed and tested a few months ago with Spring Boot version 1.3.5.

Has anything changed, or is anything missing here? Or is XXX-test.com the issue?

Thanks,

asked Mar 01 '17 05:03

user1578872


1 Answer

According to RFC 6265 (https://www.rfc-editor.org/rfc/rfc6265), starting with a . (dot) character may cause problems.

You could try to fall back to the LegacyCookieProcessor; see "How to change Cookie Processor to LegacyCookieProcessor in tomcat 8" for more info.

If you still have problems, please inform us about your TC version.

answered Oct 31 '22 20:10

Maarten Naberink
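
The leading-dot rule the answer refers to, as an added example that is not part of the original answer and is not Tomcat's code: a simplified check of the RFC 6265 domain-value grammar, run over the domains from the question and two constructed malformed values. The class and method names are hypothetical.

```java
// Added example: simplified check of the RFC 6265 domain-value grammar
// (RFC 1034 section 3.5 as relaxed by RFC 1123 section 2.1). Not Tomcat's code.
public class CookieDomainCheck {

    // Returns null when the value is a valid domain-value, otherwise the reason.
    static String whyInvalid(String domain) {
        if (domain == null || domain.isEmpty()) return "empty value";
        if (domain.length() > 253) return "longer than 253 characters";
        // limit -1 keeps empty labels so leading, trailing and doubled dots are seen
        String[] labels = domain.split("\\.", -1);
        for (int i = 0; i < labels.length; i++) {
            String label = labels[i];
            if (label.isEmpty()) {
                return i == 0 ? "leading dot" : "empty label (doubled or trailing dot)";
            }
            if (label.length() > 63) return "label longer than 63 characters";
            if (!label.matches("[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")) {
                return "label '" + label + "' must start and end with a letter or digit";
            }
        }
        return null;
    }

    // User agents ignore one leading dot (RFC 6265 section 5.2.3), so dropping it
    // keeps the cookie visible to subdomains while satisfying the grammar.
    static String normalize(String domain) {
        return domain.startsWith(".") ? domain.substring(1) : domain;
    }

    public static void main(String[] args) {
        // First three values come from the question; the last two are constructed.
        String[] samples = {".XXX-test.com", ".XXX.com", "XXX-test.com",
                            "XXX-.com", "XXX..com"};
        for (String s : samples) {
            String reason = whyInvalid(s);
            System.out.printf("%-15s %s%n", s, reason == null ? "valid" : "invalid: " + reason);
            // Suggest the dot-free value only when that alone makes it valid.
            if (reason != null && whyInvalid(normalize(s)) == null) {
                System.out.printf("%-15s use server.session.cookie.domain=%s%n", "", normalize(s));
            }
        }
    }
}
```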