zoukankan      html  css  js  c++  java
  • java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie

    https://blog.csdn.net/cml_blog/article/details/52135115

    当项目中使用单点登录功能时,通常会使用cookie进行信息的保存,这样就可以在多个子域名上存取用户信息。
    比如有三个domain分别为test.com,cml.test.com,b.test.com这三个域名下的cookie是需要互相访问的。这时会在response上写入cookie信息

    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain(".test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);
    1
    2
    3
    4
    5
    这样写在tomcat8.0上是没问题的,三个域名可以共享cookie信息。但是把它放到tomcat8.5上就报错了

    java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)
    at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
    at org.apache.catalina.connector.Response.addCookie(Response.java:937)
    at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
    at com.cml.mvc.controller.HelloWorld.str(HelloWorld.java:98)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    在tomcat8.5上是使用org.apache.tomcat.util.http.Rfc6265CookieProcessor

    The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

    This cookie processor is based on RFC6265 with the following changes to support better interoperability:

    Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
    For cookies without a value, the '=' is not required after the name as some browsers do not sent it.
    The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

    The '=' and '/' characters are always permitted in a cookie value.
    Name only cookies are always permitted.
    The cookie header is always preserved.
    No additional attributes are supported by the RFC 6265 Cookie Processor.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    文档地址

    在tomcat8.0上使用的是org.apache.tomcat.util.http.LegacyCookieProcessor

    The standard implementation of CookieProcessor is org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

    This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.
    1
    2
    3
    文档地址

    问题就可以定位在CookieProcessor不同实现引起的。
    原因分析见下半篇博客:An invalid domain [.test.com] was specified for this cookie 原因分析

    解决方法:

    指定完整的domain信息,但是这样单点登录就会有问题了
    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain("cml.test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);
    1
    2
    3
    4
    5
    2.设置为一级域名(推荐)

    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain("test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);
    1
    2
    3
    4
    5
    域名问题参考文章:顶级域名和二级域名共享cookie及相互删除cookie
    ---------------------
    作者:cmlbeliever
    来源:CSDN
    原文:https://blog.csdn.net/cml_blog/article/details/52135115
    版权声明:本文为博主原创文章,转载请附上博文链接!

  • 相关阅读:
    增删改查, SQL语句,注意事项
    形参
    接收前台的GET/POST请求
    数据库能查出数据,但mybatis查询出返回的结果是null
    resultType
    日期和字符串互转、数据库处理日期
    ajax的简单应用
    设置
    深度解密Go语言之unsafe
    golang中,map作为函数参数是如何传递的
  • 原文地址:https://www.cnblogs.com/linus-tan/p/10254752.html
Copyright © 2011-2022 走看看