-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I have this code in a servlet and it's throwing an exception (below): StringBuilder sb = ...; logger.trace("cookie value: " + sb.toString()); Cookie cookie = new Cookie(cookieName, sb.toString()); cookie.setVersion(1); cookie.setPath(cookiePath); response.addCookie(cookie); // exception thrown here Tomcat is throwing this exception: Exception: java.lang.IllegalArgumentException: An invalid character [44] was present in the Cookie value Stack Trace: java.lang.IllegalArgumentException: An invalid character [44] was present in the Cookie value org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(R fc6265CookieProcessor.java:182) at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc626 5CookieProcessor.java:115) at org.apache.catalina.connector.Response.generateCookieString(Response.jav a:999) at org.apache.catalina.connector.Response.addCookie(Response.java:947 ) at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.ja va:386) at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletRespo nseWrapper.java:58) at [my code] The log message says that the value of the cookie is "mqpp=1,kiosk=true" (without the quotes). The offending character (decimal 44... I was surprised it wasn't a hex value) is a comma. I think either the Cookie class or Tomcat is mis-managing my cookie value. I was expecting Cookie/Tomcat to just "make it work" regardless of the value I tried to put into the cookie. This has worked without any problems prior to Tomcat 8.5.x. The javadoc for Cookie.setVersion says that when version=1, cookie values should confirm to 2109, but since Tomcat is now using RFC 6265 perhaps there is conflict between the two? Is there a way I can make both javax.servlet.http.Cookie and Tomcat 8.5.x+ happy? I can easily manually-quote this cookie value in whatever way is required. Or is this a bug in either j.s.h.Cookie or Tomcat's RFC 6265 validator (or a combination of the two)? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZAOHeAAoJEBzwKT+lPKRY9FAP/1YRlatkbLKIYhKlsWgAi3Ze WlW25qjBW6uLkdE+7J1/3HvEtk80ZdQ6wDE187IIiMHF2CEbPfqjaculhVrsjSPE VBdQXfDR3jt3QIEs/iKAor6shhGri4PEEPxUgYhe8QMHjwGRmQ2uP6pwzX8dyOyq /WGlZgp3rsrlrShRoI2nVZO9DgMISjAwytLdJdeTRdXQ6UsKXBC48YEaUJOuxUbf fBUV7TvB3UEbxSEsLKDx88JANujTYbQJpVEE8IhyDJ5Wji4X0LN3ylDahgNIKwwK Zz6fY3I9bOVZwMAr1f0bbm9AnvL3zsu5bgp4YH3oyJAg7iW81sYMNe5ubsU9xifQ KwpovSlObkj6Y5B7BqLO8eb2TOh+a4qIE0RnMCfV+5neAWnPD3uL2pyFGYtHWNwh DgQskKxuFuId0onaR8COtD3qiAwpuzA+96c15EXZPGZW122vODOlIdel26Uv5ZXH tZrPus24tNXkgaLMBYjHq53uWyXxNmdN27nK//L83cgPHCx4wMRCUN3hjkE2WUYf SuVXZcZidFcu67Dk3iwYCz0TxFvMVtw9cyl98F1zAZzOV1GW347aDlQga1psV9Nf BgIibfASeoIumNIzzBgHyeVi5WP3jeIP/29GQiGr0IEIhXMa72ot6+6OFadRGKGM L+Wc8c2+9LajaiSUi3Uy =5bWu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org