Tomcat 对 Cookie的聪明处理。
2023-09-14 09:02:07 时间
近日使用Tomcat调试的时候,使用response写入一个Cookie,发现Cookie的值带上了双引号,百思不得其解,查找源码发现Tomcat在写入Cookie值有"/" 的时候,为避免错误,Tomcat做了以下处理:
org.apache.tomcat.util.http.ServerCookie
span private static void maybeQuote (StringBuffer buf, String value) { if (value==null || value.length()==0) { buf.append("\"\""); } else if (CookieSupport.alreadyQuoted(value)) { buf.append("); buf.append(escapeDoubleQuotes(value,1,value.length()-1)); buf.append("); } span else if (CookieSupport.isHttpToken(value) !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 || CookieSupport.isV0Token(value) CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) /span { buf.append("); buf.append(escapeDoubleQuotes(value,0,value.length())); buf.append("); } else { buf.append(value); } } /span
org.apache.catalina. STRICT_SERVLET_COMPLIANCE
If this is true the following actions will occur:
any wrapped request or response object passed to an application dispatcher will be checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1) a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returningISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1) every request that is associated with a session will cause the sessions last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6) cookies will be parsed strictly, by default v0 cookies will not work with any invalid characters.If set to false, any v0 cookie with invalid character will be switched to a v1 cookie and the value will be quoted.
the path in ServletContext.getResource / getResourceAsStream calls must start with a "/".
If set to false, code like getResource("myfolder/myresource.txt") will work.
org.apache.catalina.connector.Request. ALLOW_EMPTY_QUERY_STRING property The webXmlValidation attribute of any Context element. The webXmlNamespaceAware attribute of any Context element. The tldValidation attribute of any Context element.
If not specified, the default value of false will be used.
解决办法:
在catalina.properties里边增加一行:
org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
或者自行修改源码
影响版本:暂时确认有Tomcat 6、7
我们在访问一些大型购物网站的时候,都有添加到购物车这一项,而购物车里面的东西都是临时的,商品买完之后购物车里面的东西可能就没有价值了。如果把这些临时的东西都保存到服务器的话,无疑是一种资源浪费。
相关文章
- tomcat是否有必要配置环境变量[通俗易懂]
- java tomcat 环境变量配置_手把手教你如何配置tomcat环境变量「建议收藏」
- Linux tomcat部署War包,Linux在Tomcat部署JavaWeb项目,Linux部署War包
- 如何配置tomcat环境变量
- tomcat宕机无法响应问题研究解决
- java检测tomcat宕机_Tomcat意外宕机分析
- Tomcat之——宕机自动重启和每日定时启动tomcat
- idea中配置通过tomcat启动web项目
- 隐藏tomcat版本
- Tomcat配置域名_tomcat nginx
- Tomcat的目录结构
- The temporary upload location [/tmp/tomcat.***/work/Tomcat/localhost/ROOT] is not valid
- 查看Tomcat内存使用情况的JSP代码详解编程语言
- Linux查看Tomcat端口的方法(linux查看tomcat端口)
- Linux下一步步搭建Tomcat环境(linux配置tomcat环境变量)
- Linux下重启Tomcat的操作步骤(linux重启tomcat)
- Linux修改Tomcat端口号的步骤(linux修改tomcat端口)
- 搭建Tomcat连接MySQL数据库的快速指南(tomcat连接mysql数据库)
- Linux下安装Tomcat服务器的步骤(linux上安装tomcat)
- 日志Linux下查看Tomcat日志的方法(linux查看tomcat)
- Linux下如何快速启动Tomcat(linux如何启动tomcat)
- Linux系统下部署高性能Tomcat服务器(linux部署tomcat)
- Tomcat 与 Redis 的桥梁惠泽互联(tomcat与redis)
- Tomcat多个应用配置方法
- JS新增Cookie取cookie值删除cookie举例详解
- ThinkPHP的cookie和session冲突造成Cookie不能使用的解决方法
- Linux小技巧分享之如何重新启动tomcat