问题
I am migrating my Server from Tomcat-6 to Tomcat-9. My website is designed for the protocol of HTTP/1.1 . The server.xml file contains the Connector Protocol of org.apache.coyote.http11.Http11NioProtocol . The server starts up normally without generating any errors. However, when I try to access my website using localhost, I get the following error :-
INFO [https-nio-8445-exec-3] org.apache.tomcat.util.http.parser.Cookie.logInvalidHeader A cookie header was received [ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 21, 22, 23]; userId=53136] that contained an invalid cookie. That cookie will be ignored.Note: further occurrences of this error will be logged at DEBUG level.
Can anyone please tell me the reason for this error? What causes an invalid cookie? Can this error be avoided if I use a different connector?
回答1:
I found the API deployed on tomcat able to grab the cookies when I send a cURL request, though there was tomcat warning.
curl -XPOST -H "Content-Type: application/json" --cookie "userId=64ad960c-bb7e-48dd-8191-4f31539bc2c2,accessToken=64ad960c-bb7e-48dd-8191-4f31539bc2c2" -d '{"message":"play porcupine tree"}' http://localhost:9090/nlu/convo
But to remove the warning, had to update cookie processor (LegacyCookieProcessor) in the tomcat config (conf/context.xml)
Example,
cat /usr/local/apache-tomcat-8.5.12/conf/context.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- The contents of this file will be loaded for each web application -->
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!--
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" />
-->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
</Context>
I thought org.apache.tomcat.util.http.Rfc6265CookieProcessor would work but did not, LegacyCookieProcessor is required.
Reference
https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html#Legacy_Cookie_Processor_-_org.apache.tomcat.util.http.LegacyCookieProcessor
https://tools.ietf.org/html/rfc6265
LegacyCookieProcessorimplements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.
回答2:
Fwiw: I somehow got my Chrome browser into a really b0rken state, getting it to send a malformed cookie with mismatched quotes: "XSRF-TOKEN=93926112-aa12-440e-8e06-02b7fbce27d5;
Just clearing the cookie from the developer tools wasn't sufficient, but Clear storage from the sidebar of the Application tab seems to have done it.
来源:https://stackoverflow.com/questions/36665320/a-cookie-header-was-received-that-contained-an-invalid-cookie