Author Message
SwatiSingh
Joined: Dec 15, 2020
Messages: 9
Offline
We're seeing the line "A cookie header was received [/xyz_project; $Domain=******************] that contained an invalid cookie. The cookie will be ignored." in catalina.out logs.

From searching online, I think this is because the bit in square brackets contains a "/" character and a "$" character, of which one or both are now considered invalid for cookie headers. This is due to stricter validation in a new CookieProcessor, introduced in Tomcat 8.

Another suggestion is that we can replace the new CookieProcessor with the LegacyCookieProcessor, which doesn't have this extra validation, and thus the logs will vanish. I do not think this is the right thing to do. Reverting to older software just kicks the problem further down the road for later, and leaves us a potential trap to be caught out by this validation at a later date.

The real solution should involve finding where the cookie comes from and fixing it.

Is there some logging we can turn on that will show us where this header is being sent from so it can be fixed?
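One way to get the logging asked about above, as an added example that is not part of the thread and not code from either poster or from the product: a servlet filter that reads the raw Cookie header and records which client sent RFC 2109-style `$` attributes. The class name is hypothetical, and the `javax.servlet` namespace (Tomcat 8/9) is an assumption.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Added example (hypothetical class): logs the sender of legacy-style Cookie headers.
public class LegacyCookieSourceFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(LegacyCookieSourceFilter.class.getName());
    private static final Pattern LEGACY =
            Pattern.compile("\\$(Version|Path|Domain)\\b", Pattern.CASE_INSENSITIVE);

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // Use the raw header: getCookies() omits cookies the processor ignored.
            for (String raw : Collections.list(http.getHeaders("Cookie"))) {
                if (LEGACY.matcher(raw).find()) {
                    LOG.warning("legacy cookie header from " + http.getRemoteAddr()
                            + " uri=" + clean(http.getRequestURI())
                            + " ua=" + clean(http.getHeader("User-Agent"))
                            + " cookie=[" + redact(raw) + "]");
                }
            }
        }
        chain.doFilter(req, res);
    }

    // Keeps cookie names and $-attributes; other values (session ids) become a length.
    static String redact(String header) {
        StringBuilder out = new StringBuilder();
        for (String pair : header.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');
            boolean keep = eq < 0 || p.startsWith("$");
            out.append(out.length() > 0 ? "; " : "")
               .append(keep ? clean(p)
                            : clean(p.substring(0, eq)) + "=<" + (p.length() - eq - 1) + " chars>");
        }
        return out.toString();
    }

    // Replaces control characters so a header value cannot forge extra log lines.
    static String clean(String s) {
        return s == null ? "-" : s.replaceAll("\\p{Cntrl}", "?");
    }
}
```

Register the filter in the web application's `web.xml` with a `/*` mapping. The logged address and User-Agent identify the client or proxy whose cookie handling needs fixing.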
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
I recognize this was a problem in 7.1.0.1202 when there was "/" at the start of the cookie. We corrected that for 7.2.
SwatiSingh
Joined: Dec 15, 2020
Messages: 9
Offline
Which jar or resource version are we talking about here?
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
OD 7.2. What version are you on?
SwatiSingh
Joined: Dec 15, 2020
Messages: 9
Offline
We are using AAOD 7.2.2
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
I am not able to reproduce the problem. Can you make sure in the Tomcat/lib the scertcommon<version>.jar is 07.22 and it is the only scertcommon jar file there?
SwatiSingh
Joined: Dec 15, 2020
Messages: 9
Offline
Yes, I confirmed that under the Tomcat lib the jar and version are present only once: scertcommon-07.22.10.04.jar
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
Do you have some logs where I can see where this actually comes from?
SwatiSingh
Joined: Dec 15, 2020
Messages: 9
Offline
Sent redacted logs by PM, might need to check that.
March_561
Joined: Jan 12, 2021
Messages: 1
Offline
I have also been seeing the same kind of cookie error for the last two weeks, in a line at the top of my tab. The line reads: "A cookie header was received [/xyz_project; $Domain=******************] that contained an invalid cookie. The cookie will be ignored."
Please help us to resolve the issue.
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
Can you show me the log that shows the invalid cookie? That's what I am asking for. I can't reproduce the error.