A cookie header was received that contained an invalid cookie.
i was getting this issue with spring boot of version above 2.2.x
it got fixed after adding below bean
public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
return tomcatServletWebServerFactory -> tomcatServletWebServerFactory.addContextCustomizers((TomcatContextCustomizer) context -> {
context.setCookieProcessor(new LegacyCookieProcessor());
});
}
I found the API deployed on tomcat able to grab the cookies when I send a cURL request, though there was tomcat warning.
curl -XPOST -H "Content-Type: application/json" --cookie "userId=64ad960c-bb7e-48dd-8191-4f31539bc2c2,accessToken=64ad960c-bb7e-48dd-8191-4f31539bc2c2" -d '{"message":"play porcupine tree"}' http://localhost:9090/nlu/convo
But to remove the warning, had to update cookie processor (LegacyCookieProcessor) in the tomcat config (conf/context.xml)
Example,
cat /usr/local/apache-tomcat-8.5.12/conf/context.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- The contents of this file will be loaded for each web application -->
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!--
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" />
-->
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
</Context>
I thought org.apache.tomcat.util.http.Rfc6265CookieProcessor would work but did not, LegacyCookieProcessor is required.
Reference
https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html#Legacy_Cookie_Processor_-_org.apache.tomcat.util.http.LegacyCookieProcessor
https://www.rfc-editor.org/rfc/rfc6265
LegacyCookieProcessorimplements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.