Tomcat 对 Cookie的聪明处理。

    近日使用Tomcat调试的时候,使用response写入一个Cookie,发现Cookie的值带上了双引号,百思不得其解,查找源码发现Tomcat在写入Cookie值有"/" 的时候,为避免错误,Tomcat做了以下处理

org.apache.tomcat.util.http.ServerCookie

 

Java代码   收藏代码
  1. <span>    private static void maybeQuote (StringBuffer buf, String value) {  
  2.         if (value==null || value.length()==0) {  
  3.             buf.append("\"\"");  
  4.         } else if (CookieSupport.alreadyQuoted(value)) {  
  5.             buf.append('"');  
  6.             buf.append(escapeDoubleQuotes(value,1,value.length()-1));  
  7.             buf.append('"');  
  8.         } <span style="color: #ff0000;">else if (CookieSupport.isHttpToken(value) &&  
  9.                 !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||  
  10.                 CookieSupport.isV0Token(value) &&  
  11.                 CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0)</span> {  
  12.             buf.append('"');  
  13.             buf.append(escapeDoubleQuotes(value,0,value.length()));  
  14.             buf.append('"');  
  15.         } else {  
  16.             buf.append(value);  
  17.         }  
  18.     }  
  19. </span>  

 查询Tomcat文档,解释如下:

org.apache.catalina. STRICT_SERVLET_COMPLIANCE

If this is true the following actions will occur:

  • any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1)
  • a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returningISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)
  • every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6)
  • cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters. 
    If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and the value will be quoted.
  • the path in ServletContext.getResource / getResourceAsStream calls must start with a "/".
    If set to false, code like getResource("myfolder/myresource.txt") will work.

 

If this is true the default value will be changed for:

  • org.apache.catalina.connector.Request. ALLOW_EMPTY_QUERY_STRING property
  • The webXmlValidation attribute of any Context element.
  • The webXmlNamespaceAware attribute of any Context element.
  • The tldValidation attribute of any Context element.

 

If not specified, the default value of false will be used.

 

解决办法:

在catalina.properties里边增加一行:

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

或者自行修改源码

 影响版本:暂时确认有Tomcat 6、7

 


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值