tomcat cookie domain validation

Question

I\'m using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I\'m getting the following error:

java.lang.IllegalArgum         


        

Answer 1

With the new cookie processor on Tomcat 8, your cookie domain must start with a number or a letter. Removing the leading dot should get rid of this error.

Try changing it to dot.db-app.de instead, or give it a new name entirely.

Answer 2

I'm using a new version of Tomcat 8 (from this last October) and after add the line to force use the legacy cookie processor, it works fine. On your ${catalina.base}conf/context.xml:

<Context>

<!-- Default set of monitored resources. If one of these changes, the    -->
<!-- web application will be reloaded.                                   -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->

<!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) -->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

I hope this may be your case. Just set this CookieProcessor, and your implementation will be working as was in previous versions of Tomcat 8.

Answer 3

You can revert Tomcat's behaviour by defining the legacy cookie processor in your context.xml file.

See Apache Tomcat 8 Configuration Reference: The Cookie Processor Component