An invalid domain [.xxx.com] was specified for this cookie异常解决

在项目中需要向浏览器写cookie，使用的是tomcat8.5，在写cookie的时候设置了一级域名如： .xxx.com , 但是在写cookie的时候，抛出了异常:

An invalid domain [.xxx.com] was specified for this cookie

经查这种域名设置是cookie 版本0的遗留格式

在tomcat8.5上是使用org.apache.tomcat.util.http.Rfc6265CookieProcessor

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

This cookie processor is based on RFC6265 with the following changes to support better interoperability:

Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
For cookies without a value, the '=' is not required after the name as some browsers do not sent it.
The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

The '=' and '/' characters are always permitted in a cookie value.
Name only cookies are always permitted.
The cookie header is always preserved.
No additional attributes are supported by the RFC 6265 Cookie Processor.

文档地址

在tomcat8.0及以下使用的是org.apache.tomcat.util.http.LegacyCookieProcessor

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.

文档地址

问题就可以定位在CookieProcessor不同实现引起的。

解决办法：

1. 针对于单独使用Tomcat的用户，修改tomcat的配置文件，设置tomcat使用LegacyCookieProcessor 来处理：

修改tomcat的conf/context.xml 文件，在<Context></Context>中间加上：

如下：

<Context>

    <!-- Default set of monitored resources. If one of these changes, the    -->
    <!-- web application will be reloaded.                                   -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

	<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> 
    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
    <!--
    <Manager pathname="" />
    -->
</Context>

然后重启tomcat即可。

2. 如果使用的是springboot，则需要使用代码进行配置：

/**
 * 解决cookie根域名设置问题
 * @author Declan
 */
@Configuration
public class CookieConfig {
    /**
     * 解决问题：
     * There was an unexpected error (type=Internal Server Error, status=500).
     * An invalid domain [.xxx.com] was specified for this cookie
     *
     * @return
     */
    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
        return (factory) -> factory.addContextCustomizers(
                (context) -> context.setCookieProcessor(new LegacyCookieProcessor()));
    }
}

还有一种解决办法，就是在Tomcat8.5以后的版本，在配置域名的时候，不要在域名前加 "."，配置如下：