|Re: log cookies [message #869728 is a reply to message #869575]
||Fri, 04 May 2012 04:50
|| karthik elavan
Registered: August 2011
Thank you very much for your reply.
My cookies are set correctly in the browser, I have seen the cookie values which I have set through the code in the fire-fox browser by clicking the options - show cookies.
Also functionality & UI is working good as expected.
Also when we developed this application using jetty server in development environment, it works good, there are no such log messages are written &
when we tested the same application in test environment in virgo tomcat server 3.0.2, it works great as expected, there are no such log entry in the log file.
We have shifted our application to live environment (virgo tomcat server 3.0.2) where we have faced this (Cookies: Invalid cookie. Value not a token or quoted value) log entry issue, however in live also application is working good.
FYI - I have set the cookies by following code:
private Cookies cookies; // This is tapestry cookie
cookies.writeCookieValue("isUserLogin", "True", -1);
Thank you again for your help...
[Updated on: Fri, 04 May 2012 04:51]
Report message to a moderator
|Re: log cookies [message #872509 is a reply to message #871575]
||Wed, 16 May 2012 08:51
| Violeta Georgieva
Registered: October 2010
I do not think that this cookie is the problematic one.
I do not recommend to hide the log untill you know what the problem is.
As I wrote several times, you can enable org.apache.tomcat.util.http.Cookies in Debug mode so that you can check what comes to Virgo Tomcat Server as cookies, it migth be some additional symbols that cannot be seen with firebug.
When you know what the exact problem is, you can play with the following system properties (http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification):
org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE - If this is true Tomcat will allow '=' characters when parsing unquoted cookie values. If false, cookie values containing '=' will be terminated when the '=' is encountered and the remainder of the cookie value will be dropped. If not specified, the default value specification compliant value of false will be used.
org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0 - If this is true Tomcat will allow HTTP separators in cookie names and values. If not specified, the default specification compliant value of false will be used.
org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES - If this is true Tomcat will always add an expires parameter to a SetCookie header even for cookies with version greater than zero. This is to work around a known IE6 and IE7 bug that causes IE to ignore the Max-Age parameter in a SetCookie header. If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be false, else the default value will be true.
org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR - If this is true then the / (forward slash) character will be treated as a separator. Note that this character is frequently used in cookie path attributes and some browsers will fail to process a cookie if the path attribute is quoted as is required by a strict adherence to the specifications. This is highly likely to break session tracking using cookies. If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.
org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING - If this is true then the requirements of the Servlet specification that Cookie names must adhere to RFC2109 (no use of separators) will be enforced. If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.
org.apache.tomcat.util.http. ServerCookie.ALLOW_NAME_ONLY - If this is true then the requirements of the cookie specifications that cookies must have values will be enforced and cookies consisting only of a name but no value will be ignored. If not specified, the default specification compliant value of false will be used.
Powered by FUDForum
. Page generated in 0.17183 seconds