如何删除Tomcat中的特定cookie?

时间:2013-11-21 14:34:07

标签: apache tomcat cookies reverse-proxy

在我的Tomcat 7(与我的Ubuntu 12.04 LTS服务器捆绑在一起)中,我安装了Jasig CAS 3.5.1的实例。

问题在于,在特定情况下,某些客户端浏览器会使用包含重音字符的Google Analytics Cookie到达我的CAS:

Cookie: __utma=138551020.224991009.1377788460.1385030099.1385031617.283; __utmb=138551020.3.10.1385031617; __utmc=137551020; __utmz=137551020.1385931617.283.104.utmcsr=YMLP|utmccn=Coup%20de%20théatre|utmcmd=email|utmctr=mmp4_TestOctobre2013.png

在这种情况下,Tomcat无法处理它!

Nov 21, 2013 1:35:41 PM org.apache.coyote.ajp.AjpAprProcessor process
SEVERE: Error processing request
java.lang.IllegalArgumentException: Control character in cookie value or attribute.
        at org.apache.tomcat.util.http.CookieSupport.isHttpSeparator(CookieSupport.java:193)
        at org.apache.tomcat.util.http.Cookies.getTokenEndPosition(Cookies.java:502)
        at org.apache.tomcat.util.http.Cookies.processCookieHeader(Cookies.java:291)
        at org.apache.tomcat.util.http.Cookies.processCookies(Cookies.java:168)
        at org.apache.tomcat.util.http.Cookies.getCookieCount(Cookies.java:106)
        at org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId(CoyoteAdapter.java:919)
        at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:688)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:402)
        at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:197)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1763)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)

我正在使用Apache 2(捆绑在Ubuntu中)来代理使用该配置的请求:

ProxyPass /cas ajp://localhost:8009/cas
ProxyPassReverse /cas https://sso.mycompany.com/cas

问题是:我可以在向Tomcat发送请求之前用Apache删除特定的重音Cookie值吗?

(我看到in the sources没有办法告诉Tomcat“不要打扰控制角色,无论如何解析我的cookie”)

1 个答案:

答案 0 :(得分:0)

作为said here,请使用mod_headers

<Location "/cas">
        RequestHeader edit Cookie "^(.*?)\|utmccn=.*?(\|.*)$" $1$2
</Location>
相关问题
最新问题