Tomcat 对 Cookie的聪明处理。

    近日使用Tomcat调试的时候，使用response写入一个Cookie，发现Cookie的值带上了双引号，百思不得其解，查找源码发现Tomcat在写入Cookie值有"/" 的时候，为避免错误，Tomcat做了以下处理：

org.apache.tomcat.util.http.ServerCookie

 

Java代码  

1. <span>    private static void maybeQuote (StringBuffer buf, String value) {  
2.         if (value==null || value.length()==0) {  
3.             buf.append("\"\"");  
4.         } else if (CookieSupport.alreadyQuoted(value)) {  
5.             buf.append('"');  
6.             buf.append(escapeDoubleQuotes(value,1,value.length()-1));  
7.             buf.append('"');  
8.         } <span style="color: #ff0000;">else if (CookieSupport.isHttpToken(value) &&  
9.                 !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||  
10.                 CookieSupport.isV0Token(value) &&  
11.                 CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0)</span> {  
12.             buf.append('"');  
13.             buf.append(escapeDoubleQuotes(value,0,value.length()));  
14.             buf.append('"');  
15.         } else {  
16.             buf.append(value);  
17.         }  
18.     }  
19. </span>  

 查询Tomcat文档,解释如下：

org.apache.catalina. STRICT_SERVLET_COMPLIANCE

If this is true the following actions will occur:

• any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1)
• a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returningISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)
• every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6)
• cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters. 
  If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and the value will be quoted.
• the path in ServletContext.getResource / getResourceAsStream calls must start with a "/".
  If set to false, code like getResource("myfolder/myresource.txt") will work.

 

If this is true the default value will be changed for:

• org.apache.catalina.connector.Request. ALLOW_EMPTY_QUERY_STRING property
• The webXmlValidation attribute of any Context element.
• The webXmlNamespaceAware attribute of any Context element.
• The tldValidation attribute of any Context element.

 

If not specified, the default value of false will be used.

 

解决办法：

在catalina.properties里边增加一行：

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

或者自行修改源码

 影响版本：暂时确认有Tomcat 6、7