zoukankan      html  css  js  c++  java
  • java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie解决方法

    当项目中使用单点登录功能时,通常会使用cookie进行信息的保存,这样就可以在多个子域名上存取用户信息。
    比如有三个domain分别为test.com,cml.test.com,b.test.com这三个域名下的cookie是需要互相访问的。这时会在response上写入cookie信息

    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain(".test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);
    这样写在tomcat8.0上是没问题的,三个域名可以共享cookie信息。但是把它放到tomcat8.5上就报错了

    java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)
    at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
    at org.apache.catalina.connector.Response.addCookie(Response.java:937)
    at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
    at com.cml.mvc.controller.HelloWorld.str(HelloWorld.java:98)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)

    在tomcat8.5上是使用org.apache.tomcat.util.http.Rfc6265CookieProcessor

    The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

    This cookie processor is based on RFC6265 with the following changes to support better interoperability:

    Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
    For cookies without a value, the '=' is not required after the name as some browsers do not sent it.
    The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

    The '=' and '/' characters are always permitted in a cookie value.
    Name only cookies are always permitted.
    The cookie header is always preserved.
    No additional attributes are supported by the RFC 6265 Cookie Processor.

    在tomcat8.0上使用的是org.apache.tomcat.util.http.LegacyCookieProcessor

    The standard implementation of CookieProcessor is org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

    This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.
    问题就可以定位在CookieProcessor不同实现引起的。 

    原因分析见下半篇博客:An invalid domain [.test.com] was specified for this cookie 原因分析

    解决方法:

    指定完整的domain信息,但是这样单点登录就会有问题了
    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain("cml.test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);

    2.设置为一级域名(推荐)

    Cookie cookie = new Cookie("testCookie", "test");
    cookie.setDomain("test.com");
    cookie.setPath("/");
    cookie.setMaxAge(36000);
    resp.addCookie(cookie);

  • 相关阅读:
    mysql命令行操作 添加字段,修改字段
    编辑器phpstrom的快捷键修改
    echo json数据给ajax后, 需要加上exit,防止往下执行,带上其他数据,到时ajax失败
    多选出差同事id,拼接,去掉最后逗号
    引入的ajax中异步添加联系人
    .NET 4 实践
    使用dynamic和MEF实现轻量级的AOP组件 (3)
    使用dynamic和MEF实现轻量级的AOP组件 (2)
    使用dynamic 和MEF实现轻量级的 AOP 组件 (1)
    AOP-SheepAspect
  • 原文地址:https://www.cnblogs.com/zhjh256/p/10099668.html
Copyright © 2011-2022 走看看