I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error:
java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie
org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:180)
org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:122)
org.apache.catalina.connector.Response.generateCookieString(Response.java:959)
org.apache.catalina.connector.Response.addCookie(Response.java:907)
org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:392)
org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.java:70)
com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServlet.java:104)
Is there a way to prevent tomcat from throwing this error?
I'm using a new version of Tomcat 8 (from this last October) and after add the line to force use the legacy cookie processor, it works fine.
On your ${catalina.base}conf/context.xml
:
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) -->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
I hope this may be your case. Just set this CookieProcessor, and your implementation will be working as was in previous versions of Tomcat 8.
With the new cookie processor on Tomcat 8, your cookie domain must start with a number or a letter. Removing the leading dot should get rid of this error.
Try changing it to dot.db-app.de
instead, or give it a new name entirely.
You can revert Tomcat's behaviour by defining the legacy cookie processor in your context.xml file.
See Apache Tomcat 8 Configuration Reference: The Cookie Processor Component
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With