Resolving the exception: An invalid domain [.xxx.com] was specified for this cookie

Keywords: Programming Tomcat Apache Java xml

In our project we need to write cookies to the browser, and we run on Tomcat 8.5. We set the cookie domain to a value such as .xxx.com, but when the cookie is written an exception is thrown:

An invalid domain [.xxx.com] was specified for this cookie

On checking, this way of writing the domain (with a leading dot) is the legacy format of cookie version 0.

Tomcat 8.5 uses org.apache.tomcat.util.http.Rfc6265CookieProcessor:

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

This cookie processor is based on RFC6265 with the following changes to support better interoperability:

- Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
- For cookies without a value, the '=' is not required after the name as some browsers do not send it.

The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

- The '=' and '/' characters are always permitted in a cookie value.
- Name only cookies are always permitted.
- The cookie header is always preserved.

No additional attributes are supported by the RFC 6265 Cookie Processor.


Tomcat 8.0 and below use org.apache.tomcat.util.http.LegacyCookieProcessor:

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.


The problem can be addressed by choosing which CookieProcessor implementation is used.

Solution:

1. If you run standalone Tomcat, modify Tomcat's configuration so that it uses LegacyCookieProcessor:

Modify Tomcat's conf/context.xml file by adding:

    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> 

As follows:

<Context>

    <!-- Default set of monitored resources. If one of these changes, the    -->
    <!-- web application will be reloaded.                                   -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
    <!--
    <Manager pathname="" />
    -->
</Context>

Then restart Tomcat.

2. If you use Spring Boot, configure it in code:

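import org.apache.tomcat.util.http.LegacyCookieProcessor;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Solving the problem of cookie root domain name setting
 * @author Declan
 */
@Configuration
public class CookieConfig {
    /**
     * Solve the problem:
     * There was an unexpected error (type=Internal Server Error, status=500).
     * An invalid domain [.xxx.com] was specified for this cookie
     *
     * @return a customizer that installs LegacyCookieProcessor on every Tomcat context
     */
    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
        // Replace the default cookie processor with the legacy one for each context
        return (factory) -> factory.addContextCustomizers(
                (context) -> context.setCookieProcessor(new LegacyCookieProcessor()));
    }
}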

Another solution: on Tomcat 8.5 and later, set the domain without a leading "." before the domain name. The configuration is as follows:

ck.setDomain("xxx.com");

On versions before Tomcat 8.5, add a leading "." before the domain name and configure as follows:

ck.setDomain(".xxx.com");
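
Added example (not from the original post or from Tomcat): a small helper that lets an application keep the default Rfc6265CookieProcessor by dropping the legacy leading dot before calling setDomain. The class name CookieDomains and the label check are assumptions made for illustration; the check is a simplified approximation, not Tomcat's own validation code.

```java
import java.util.Locale;

/** Added example: normalise a configured cookie domain for Tomcat 8.5 and later. */
public final class CookieDomains {

    private CookieDomains() {}

    /**
     * Drops the legacy leading dot and checks that every label starts and
     * ends with a letter or digit, which is the rule ".xxx.com" violates.
     * Browsers following RFC 6265 ignore a leading dot in the Domain
     * attribute, so "xxx.com" still covers subdomains such as www.xxx.com.
     */
    public static String normalize(String configured) {
        if (configured == null || configured.trim().isEmpty()) {
            throw new IllegalArgumentException("cookie domain is empty");
        }
        String domain = configured.trim().toLowerCase(Locale.ROOT);
        if (domain.startsWith(".")) {
            domain = domain.substring(1); // remove only the single legacy dot
        }
        // The -1 limit keeps empty labels so "..xxx.com" or "xxx.com." are rejected
        for (String label : domain.split("\\.", -1)) {
            if (!label.matches("[a-z0-9]([a-z0-9-]*[a-z0-9])?")) {
                throw new IllegalArgumentException("invalid cookie domain: " + configured);
            }
        }
        return domain;
    }

    public static void main(String[] args) {
        // Constructed sample values; "xxx.com" is the placeholder used in the post.
        String[] samples = {".xxx.com", "xxx.com", "Sub.XXX.com", "..xxx.com", "xxx-.com"};
        for (String in : samples) {
            try {
                System.out.println(in + " accepted as " + normalize(in));
            } catch (IllegalArgumentException e) {
                System.out.println(in + " rejected: " + e.getMessage());
            }
        }
    }
}
```

With this helper the cookie code becomes ck.setDomain(CookieDomains.normalize(".xxx.com")); and the same configured value works on both sides of the Tomcat 8.5 change without switching cookie processors.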

Posted by TomT on Sun, 10 Mar 2019 23:57:25 -0700