A cookie header was received that contained an invalid cookie.

Question

I am migrating my Server from Tomcat-6 to Tomcat-9. My website is designed for the protocol of HTTP/1.1 . The server.xml file

Answer 1

I found the API deployed on tomcat able to grab the cookies when I send a cURL request, though there was tomcat warning.

curl -XPOST -H "Content-Type: application/json"  --cookie "userId=64ad960c-bb7e-48dd-8191-4f31539bc2c2,accessToken=64ad960c-bb7e-48dd-8191-4f31539bc2c2" -d '{"message":"play porcupine tree"}' http://localhost:9090/nlu/convo

But to remove the warning, had to update cookie processor (LegacyCookieProcessor) in the tomcat config (conf/context.xml)

Example,

cat /usr/local/apache-tomcat-8.5.12/conf/context.xml 




    WEB-INF/web.xml
    ${catalina.base}/conf/web.xml

    

    

I thought org.apache.tomcat.util.http.Rfc6265CookieProcessor would work but did not, LegacyCookieProcessor is required.

Reference

https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html#Legacy_Cookie_Processor_-_org.apache.tomcat.util.http.LegacyCookieProcessor

https://tools.ietf.org/html/rfc6265

LegacyCookieProcessor implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.