项目原先部署在tomcat6下面被甲方扫出漏洞要求整改,移植到tomcat9后登录莫名出现
An invalid domain was specified for this cookie
在网上找了很多资料也是让修改成合法的域名说tomcat8.5开始解析cookie变了,但是无论怎么修改代码中的域名均无效,后来找到了一篇老外写的文章,按其中的方法很快解决。ps:老外就是牛x
Set tomcat to use LegacyCookieProcessor (because Rfc6265CookieProcessor complies with RFC6265 which does not allow domains beginning with non-alphanumeric characters):�0�2
1. Edit the Tomcat/conf/content.xml�0�2
2. Add the statement in betweeen the <context> and </context> tags:�0�2
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />�0�2
3. Restart Tomcat.
相关文章: