tomcat cookie域验证 [英] tomcat cookie domain validation

问题描述

我将tomcat 8.0.21与新的Rfc6265 cookie处理器配合使用。如果存在以点开头的cookie，则会出现以下错误：

I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error:

java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie
org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:180)
org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:122)
org.apache.catalina.connector.Response.generateCookieString(Response.java:959)
org.apache.catalina.connector.Response.addCookie(Response.java:907)
org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:392)
org.esigate.servlet.impl.ResponseSender.sendResponse(ResponseSender.java:70)
com.bahn.esiExtensions.ExtendedProxyServlet.doFilter(ExtendedProxyServlet.java:104)

是否有一个防止tomcat抛出此错误的方法？

Is there a way to prevent tomcat from throwing this error?

推荐答案

我正在使用新版本的Tomcat 8（从去年10月开始），并添加以下行以强制使用旧版Cookie处理器，效果很好。
在您的 $ {catalina.base} conf / context.xml ：

I'm using a new version of Tomcat 8 (from this last October) and after add the line to force use the legacy cookie processor, it works fine. On your ${catalina.base}conf/context.xml:

<Context>

<!-- Default set of monitored resources. If one of these changes, the    -->
<!-- web application will be reloaded.                                   -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->

<!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) -->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

我希望这可能是您的案件。只需设置此CookieProcessor，您的实现即可像以前的Tomcat 8版本一样工作。

I hope this may be your case. Just set this CookieProcessor, and your implementation will be working as was in previous versions of Tomcat 8.

这篇关于tomcat cookie域验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！