An invalid domain [] was specified for this cookie问题解决方案
1.【问题描述】: 项目运行在Tomcat 8.5.30上启动报出An invalid domain [] was specified for this cookie,报错行:在某个filter中设置顶层域名cookie,原因:该Tomcat版本下域名验证的时候错误了,不符合Tomcat 8.5.30验证规则
2.【跟踪addCookie方法】:tomcat8.5版本默认使用的是rfc6265实现的,而tomcat8.0版本是LegacyCookieProcessor
3.【rfc6265中看到了域属性规则】:
规则:
(1)必须是1-9、a-z、A-Z、. 、- (注意是-不是_)这几个字符组成
(2)必须是数字或字母开头 (所以以前的cookie的设置为.XX.com 的机制要改为 XX.com 即可)
(3)必须是数字或字母结尾
(4)cookie.setDomain(".test.com");在rfc6265标准中应该改为cookie.setDomain(“test.com”)
4.【解决方案一】:
修改配置 ${tomcat_home}\conf\context.xml文件
<?xml version="1.0" encoding="UTF-8”?>
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!-- <Manager pathname="" /> -->
<!-- 添加代码 将cookie处理的手工设置为LegacyCookieProcessor即可 -->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor"/>
</Context>
5.【解决方案二】:
SpringBoot项目遇到上述错误,配置下面Bean:
@Bean
public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
return (factory) -> factory.addContextCustomizers(
(context) -> context.setCookieProcessor(new LegacyCookieProcessor()));
}
6.【参考文献】:An invalid domain [] was specified for this cookie问题解决