Tomcat 对 Cookie的聪明处理。

编程技术  /  houtizong 发布于 3年前   55

    近日使用Tomcat调试的时候,使用response写入一个Cookie,发现Cookie的值带上了双引号,百思不得其解,查找源码发现Tomcat在写入Cookie值有"/" 的时候,为避免错误,Tomcat做了以下处理

org.apache.tomcat.util.http.ServerCookie

  

    private static void maybeQuote (StringBuffer buf, String value) {        if (value==null || value.length()==0) {            buf.append("\"\"");        } else if (CookieSupport.alreadyQuoted(value)) {            buf.append('"');            buf.append(escapeDoubleQuotes(value,1,value.length()-1));            buf.append('"');        } else if (CookieSupport.isHttpToken(value) && !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 || CookieSupport.isV0Token(value) && CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {            buf.append('"');            buf.append(escapeDoubleQuotes(value,0,value.length()));            buf.append('"');        } else {            buf.append(value);        }    }

 查询Tomcat文档,解释如下:

org.apache.catalina. STRICT_SERVLET_COMPLIANCE

If this is true the following actions will occur:

  • any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1)
  • a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returningISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)
  • every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6)
  • cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters. 
    If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and the value will be quoted.
  • the path in ServletContext.getResource / getResourceAsStream calls must start with a "/".
    If set to false, code like getResource("myfolder/myresource.txt") will work.

 

If this is true the default value will be changed for:

  • org.apache.catalina.connector.Request. ALLOW_EMPTY_QUERY_STRING property
  • The webXmlValidation attribute of any Context element.
  • The webXmlNamespaceAware attribute of any Context element.
  • The tldValidation attribute of any Context element.

 

If not specified, the default value of false will be used.

 

解决办法:

catalina.properties里边增加一行:

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

或者自行修改源码

 影响版本:暂时确认有Tomcat 6、7

 

 

 

 

上一篇:从头开始搭建OPENDS(一)
下一篇:JAAS之快速开发JBOSS自定义认证

请勿发布不友善或者负能量的内容。与人为善,比聪明更重要!

留言需要登陆哦

技术博客集 - 网站简介:
前后端技术:
后端基于Hyperf2.1框架开发,前端使用Bootstrap可视化布局系统生成
网站主要作用:
1.编程技术分享及讨论交流,内置聊天系统;
2.测试交流框架问题,比如:Hyperf、Laravel、TP、beego;
3.本站数据是基于大数据采集等爬虫技术为基础助力分享知识,如有侵权请发邮件到站长邮箱,站长会尽快处理;
4.站长邮箱:[email protected];

      订阅博客周刊 去订阅

文章归档

文章标签

友情链接

首页
关于我们
Auther ·HouTiZong
侯体宗的博客
© 2020 zongscan.com
版权所有ICP证 : 粤ICP备20027696号
PHP交流群 也可以扫右边的二维码
侯体宗的博客