Tomcat 对 Cookie的聪明处理。-阿里云开发者社区

Tomcat 对 Cookie的聪明处理。

2016-06-07 3614

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

近日使用Tomcat调试的时候，使用response写入一个Cookie，发现Cookie的值带上了双引号，百思不得其解，查找源码发现Tomcat在写入Cookie值有"/" 的时候，为避免错误，Tomcat做了以下处理：

org.apache.tomcat.util.http.ServerCookie

   Java代码  
    
  
<span>    private static void maybeQuote (StringBuffer buf, String value) {  
        if (value==null || value.length()==0) {  
            buf.append("\"\"");  
        } else if (CookieSupport.alreadyQuoted(value)) {  
            buf.append('"');  
            buf.append(escapeDoubleQuotes(value,1,value.length()-1));  
            buf.append('"');  
        } <span style="color: #ff0000;">else if (CookieSupport.isHttpToken(value) &&  
                !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||  
                CookieSupport.isV0Token(value) &&  
                CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0)</span> {  
            buf.append('"');  
            buf.append(escapeDoubleQuotes(value,0,value.length()));  
            buf.append('"');  
        } else {  
            buf.append(value);  
        }  
    }  
</span>  

查询Tomcat文档,解释如下：

org.apache.catalina. STRICT_SERVLET_COMPLIANCE

If this is true the following actions will occur:

any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1)
a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returningISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)
every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6)
cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters.
If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and the value will be quoted.
the path in ServletContext.getResource / getResourceAsStream calls must start with a "/".
If set to false, code like getResource("myfolder/myresource.txt") will work.

If this is true the default value will be changed for:

org.apache.catalina.connector.Request. ALLOW_EMPTY_QUERY_STRING property
The webXmlValidation attribute of any Context element.
The webXmlNamespaceAware attribute of any Context element.
The tldValidation attribute of any Context element.

If not specified, the default value of false will be used.

解决办法：

在catalina.properties里边增加一行：

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

或者自行修改源码

影响版本：暂时确认有Tomcat 6、7

Tomcat 对 Cookie的聪明处理。

热门文章

最新文章

相关课程

相关电子书