tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: cookie issue with Tomcat 7 - does not accept the character "é"
Date Sun, 02 Feb 2014 20:00:09 GMT
Hash: SHA256


On 2/2/14, 2:31 PM, Callinswood,Kevin,VEVEY,GLOBE BTC wrote:
> We have upgraded to Tomcat 7 from Tomcat 6 and we are now facing 
> issues due to some of the standard company cookies containing an
> "é".
> Tomcat 6 accepted the "é" but upgrading to Tomcat 7 we get an
> error if the "é" is any parameter except for the 1st position.

What you do mean "any parameter except for the 1st position"? You said
this was about cookies...

> The error received is:
> SEVERE: Error processing request 
> java.lang.IllegalArgumentException: Control character in cookie
> value or attribute.

Can you give a protocol dump including byte-translation? For example,
é is usually expressed as 0xc9 and appears in ISO-8859-1 as a single
byte. Since it's in the top-half of the ISO-8859-1 character set,
UTF-8 requires that it be represented by two bytes: 0xc3 0xa9

Without quoting, unquoted Cookie names and values may be any US-ASCII
character from 0x32 - 0x7e except for any of ("(" | ")" | "<" | ">" |
"@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{"
| "}" | SP | HT). None of the characters above are within that range,
so the cookie value must be quoted. (It looks to me like Cookie names
must always be in US-ASCII... I didn't think that was the case but I'm
not motivated to track-down every word of the spec looking for

What is the character encoding of the request? What client are you
using? Who created the cookie in the first place?

> I have tried playing around with the parameters in the 
> file but with no success.  Is there a way to 
> remove all checking of cookies ?

Tomcat has become more standards-strict in version 7. This page should
give you a bit of insight, though it is quite technical:

> Possible solutions are to revert to Tomcat 6, change web server,
> or encode the cookies.  We are planning a go-live a week from now
> so reverting to Tomcat 6 seems to be the solution in the short
> term.

You decided to start testing with a new major application server
version 1 week before deployment? Hmm. Sounds like using Tomcat 6 is
the right short-term move. You really need to identify the problem,
though: it's only going to get worse.

Now, if you had Tomcat 6 create those cookies and the client is
sending them back tom Tomcat 7, then you may want to expire those old
cookies and see what a Tomcat 7 roundtrip looks like. Tomcat 7 may be
more properly encoding the cookies in the first place, solving the
problem before it begins.

- -chris
Version: GnuPG v1
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message