澳门新葡新京官方网站

The Cookie Processor Component

Table of Contents

Introduction

The CookieProcessor element represents the component that parses received cookie headers into javax.servlet.http.Cookie objects accessible through HttpServletRequest.getCookies() and converts javax.servlet.http.Cookie objects added to the response through HttpServletResponse.addCookie()澳门新葡新京官方网站 to the HTTP headers returned to the client.

A CookieProcessor element MAY be nested inside a Context component. If it is not included, a default implementation will be created automatically.

Attributes

Common Attributes

All implementations of CookieProcessor澳门新葡新京官方网站 support the following attributes:

Attribute Description
className

Java class name of the implementation to use. This class must implement the org.apache.tomcat.util.http.CookieProcessor interface. If not specified, the standard value (defined below) will be used.

Standard Implementation

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

澳门新葡新京官方网站This cookie processor is based on RFC6265 with the following changes to support better interoperability:

  • Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
  • For cookies without a value, the '=' is not required after the name as some browsers do not sent it.

澳门新葡新京官方网站The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

  • The '=' and '/' characters are always permitted in a cookie value.
  • Name only cookies are always permitted.
  • The cookie header is always preserved.

The RFC 6265 Cookie Processor澳门新葡新京官方网站 supports the following additional attributes.

Attribute Description
sameSiteCookies

澳门新葡新京官方网站Enables setting same-site cookie attribute.

If value is unset then the same-site cookie attribute won't be set. This is the default value.

If value is none澳门新葡新京官方网站 then the same-site cookie attribute will be set and the cookie will always be sent in cross-site requests.

If value is lax澳门新葡新京官方网站 then the browser only sends the cookie in same-site requests and cross-site top level GET requests.

If value is strict then the browser prevents sending the cookie in any cross-site request.

This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.

Attribute Description
allowEqualsInValue

If this is true Tomcat will allow '=' characters when parsing unquoted cookie values. If false, cookie values containing '=' will be terminated when the '=澳门新葡新京官方网站' is encountered and the remainder of the cookie value will be dropped.

If not set the specification compliant default value of false澳门新葡新京官方网站 will be used.

allowHttpSepsInV0

If this is true澳门新葡新京官方网站 Tomcat will allow HTTP separators in cookie names and values.

If not specified, the default specification compliant value of false will be used.

allowNameOnly

If this is true Tomcat will allow name only cookies (with or without trailing '=') when parsing cookie headers. If false澳门新葡新京官方网站, name only cookies will be dropped.

If not set the specification compliant default value of false澳门新葡新京官方网站 will be used.

alwaysAddExpires

If this is true澳门新葡新京官方网站 Tomcat will always add an expires parameter to a SetCookie header even for cookies with version greater than zero. This is to work around a known IE6 and IE7 bug that causes I to ignore the Max-Age parameter in a SetCookie header.

If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be false, else the default value will be true澳门新葡新京官方网站.

forwardSlashIsSeparator

If this is true Tomcat will treat the forward slash character ('/') as an HTTP separator when processing cookie headers. If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false.

sameSiteCookies

澳门新葡新京官方网站Enables setting same-site cookie attribute.

If value is unset澳门新葡新京官方网站 then the same-site cookie attribute won't be set. This is the default value.

If value is none澳门新葡新京官方网站 then the same-site cookie attribute will be set and the cookie will always be sent in cross-site requests.

If value is lax澳门新葡新京官方网站 then the browser only sends the cookie in same-site requests and cross-site top level GET requests.

If value is strict then the browser prevents sending the cookie in any cross-site request.

Nested Components

No element may be nested inside a CookieProcessor.

Special Features

No special features are associated with a CookieProcessor澳门新葡新京官方网站 element.

Comments

Notice: This comments section collects your suggestions on improving documentation for Apache Tomcat.

If you have trouble and need help, read page and ask your question on the tomcat-users . Do not ask such questions here. This is not a Q&A section.

The Apache Comments System is explained here. Comments may be removed by our moderators if they are either implemented or considered invalid/off-topic.

澳门威尼斯app下载-澳门新葡新京官方网站 新葡萄京娱乐场app_新葡萄京官网-首恶 55402com永利-永利402com官方澳门新葡新京官方网站 千赢官网娱乐网站登录-澳门新葡新京官方网站 库博体育-澳门新葡新京官方网站 im体育app-澳门新葡新京官方网站 365bet亚洲官方投注-澳门新葡新京官方网站 新葡的京集团350vip-官网澳门新葡新京官方网站 澳门拉斯维加斯线上游戏_澳门新葡新京官方网站 金沙-金沙澳门官网