All,

I have this code in a servlet and it's throwing an exception (below):

            StringBuilder sb = ...;
            logger.trace("cookie value: " + sb.toString());
            Cookie cookie = new Cookie(cookieName, sb.toString());
            cookie.setVersion(1);
            cookie.setPath(cookiePath);

            response.addCookie(cookie); // exception thrown here

Tomcat is throwing this exception:

Exception: java.lang.IllegalArgumentException: An invalid character [44] was present in the Cookie value
Stack Trace:
java.lang.IllegalArgumentException: An invalid character [44] was present in the Cookie value
org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(Rfc6265CookieProcessor.java:182)
   at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:115)
   at org.apache.catalina.connector.Response.generateCookieString(Response.java:999)
   at org.apache.catalina.connector.Response.addCookie(Response.java:947)
   at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
   at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
   at [my code]

The log message says that the value of the cookie is
"mqpp=1,kiosk=true" (without the quotes).

The offending character (decimal 44... I was surprised it wasn't a hex
value) is a comma. I think either the Cookie class or Tomcat is
mis-managing my cookie value. I was expecting Cookie/Tomcat to just
"make it work" regardless of the value I tried to put into the cookie.

This has worked without any problems prior to Tomcat 8.5.x.

The javadoc for Cookie.setVersion says that when version=1, cookie
values should conform to 2109, but since Tomcat is now using RFC 6265
perhaps there is conflict between the two?

Is there a way I can make both javax.servlet.http.Cookie and Tomcat
8.5.x+ happy? I can easily manually-quote this cookie value in
whatever way is required.

Or is this a bug in either j.s.h.Cookie or Tomcat's RFC 6265 validator
(or a combination of the two)?

Thanks,
-chris
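
An added example, not part of the original message and not Tomcat's code: a stand-alone check of a cookie value against the RFC 6265 section 4.1.1 cookie-octet grammar, run on the value quoted in the post. The class and method names are hypothetical, and percent-encoding is shown as one application-level encoding that leaves only legal octets; whatever reads the cookie has to decode it again.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class CookieValueCheck {
    // Index of the first character outside RFC 6265 cookie-octet, or -1 if the value is legal.
    static int firstInvalidIndex(String value) {
        int start = 0, end = value.length();
        // The grammar allows one pair of double quotes wrapping the whole value.
        if (end >= 2 && value.charAt(0) == '"' && value.charAt(end - 1) == '"') {
            start = 1;
            end--;
        }
        for (int i = start; i < end; i++) {
            char c = value.charAt(i);
            // cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
            boolean legal = c == 0x21 || (c >= 0x23 && c <= 0x2B) || (c >= 0x2D && c <= 0x3A)
                    || (c >= 0x3C && c <= 0x5B) || (c >= 0x5D && c <= 0x7E);
            if (!legal) return i;
        }
        return -1;
    }

    // Percent-encode so that only legal cookie-octets remain (this overload needs Java 10+).
    static String encode(String raw) {
        return URLEncoder.encode(raw, StandardCharsets.UTF_8);
    }

    static String decode(String cookieValue) {
        return URLDecoder.decode(cookieValue, StandardCharsets.UTF_8);
    }

    static void report(String label, String value) {
        int i = firstInvalidIndex(value);
        System.out.println(label + ": " + value + " -> "
                + (i < 0 ? "legal" : "invalid character [" + (int) value.charAt(i) + "] at index " + i));
    }

    public static void main(String[] args) {
        String raw = "mqpp=1,kiosk=true";     // value quoted in the post
        String quoted = "\"" + raw + "\"";     // quoting does not make the comma legal
        String encoded = encode(raw);
        report("raw", raw);
        report("quoted", quoted);
        report("encoded", encoded);
        System.out.println("round trip ok: " + decode(encoded).equals(raw));
    }
}
```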
