When using Java running in the Tomcat servlet container you may observe cookie values fetched from javax.servlet.http.Cookie using
getValue() seem incomplete.Example
I like to parse various cookies in Java code, one particular high value cookie for me is Google Anaytics' Campaign Tracking Cookie the UTMZ.
UTMZ typically looks like:
__utmz=1.1322309384.1.1.utmcsr=anothersite.com|utmccn=(referral)|utmcmd=referral|utmctr=9371183|utmcct=/
However when reading and displaying this cookie in Java and Tomcat you'll see the value:
1.1322309384.1.1.utmcsr
This is because Tomcat 6.0.18 now adheres to the cookie spec more tightly than previous versions.
This may cause you multiple issues including:
- The value you expect to see is incomplete (a quick look with Google Chrome -> Inspect Element -> Network -> Headers -> Request Headers shows that the browser is sending the full cookie value to Tomcat).
- Code that did work on a previous Tomcat suddenly breaks.
Solution
If you are in control of the cookie, i.e. you write it then you need to ensure a version 0 cookie doesn't contain any of the following characters: equals =, parentheses (), colon : .
If like the above example you are powerless to control the cookie format, you need to run Tomcat with some additional system properties set. The following added to catalina.properties will do the trick:
org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true
org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0=true
Further info can be found in the Tomcat Config Docs.
