JSP Tutorials - Herong's Tutorial Examples - v5.11, by Herong Yang
Space Character not Allowed in Cookie Value
This section provides a tutorial example showing that space character ' ' is not allowed in cookie value strings.
While testing cookies, I noticed an error with Tomcat 9. It relates to the space character " " used in cookie values.
Here is example JSP page that add a cookie with a value of "Herong Yang":
<?xml version="1.0"?> <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"> <!-- - CookieValueError.jspx - Copyright (c) 2006 HerongYang.com. All Rights Reserved. --> <jsp:directive.page contentType="text/html"/> <html><body> <p> <jsp:directive.page import="javax.servlet.http.Cookie"/> <jsp:scriptlet><![CDATA[ out.println("<b>Cookie with an invalid value:</b><br/>"); Cookie c = new Cookie("User","Herong Yang"); c.setMaxAge(3*24*60*60); response.addCookie(c); out.println("Name: "+c.getName()+"<br/>"); out.println("Value: "+c.getValue()+"<br/>"); out.println("Domain: "+c.getDomain()+"<br/>"); out.println("Path: "+c.getPath()+"<br/>"); out.println("MaxAge: "+c.getMaxAge()+"<br/>"); out.println("Version: "+c.getVersion()+"<br/>"); ]]></jsp:scriptlet> </p> </body></html> </jsp:root>
Visit this page with a Web browser on Tomcat 9, you will get this error:
HTTP Status 500 – Internal Server Error Type Exception Report Message An exception occurred processing [/CookieValueError.jspx] at line [26] Description The server encountered an unexpected condition that prevented it from fulfilling the request. Exception org.apache.jasper.JasperException: An exception occurred processing [/CookieValueError.jspx] at line [26] Unable to display JSP extract. Probably due to an XML parser bug (see Tomcat bug 48498 for details). Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException (JspServletWrapper.java:607) org.apache.jasper.servlet.JspServletWrapper.service (JspServletWrapper.java:496) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) Root Cause java.lang.IllegalArgumentException: An invalid character [32] was present in the Cookie value org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue... org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6... org.apache.catalina.connector.Response.generateCookieString(Response....) ... javax.servlet.http.HttpServlet.service(HttpServlet.java:741) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) Note The full stack trace of the root cause is available in the server logs. Apache Tomcat/9.0.12
By reading the error message, it seems that the new Cookie standard RRC 6265 removed space character (together with comma and semi-colon) as allowed value characters.
The above JSP page was working fine with Tomcat 7, which uses an older cookie standard.
Table of Contents
JSP (JavaServer Pages) Overview
Tomcat Installation on Windows Systems
Syntax of JSP Pages and JSP Documents
►Managing Cookies in JSP Pages
Sending and Receiving Cookies in JSP Pages
Persistent Cookies Stored on Hard Disk
Persistent Cookie Test Example
►Space Character not Allowed in Cookie Value
Dumping HTTP Response with Cookies
JavaBean Objects and "useBean" Action Elements
Managing HTTP Response Header Lines
Non-ASCII Characters Support in JSP Pages
Overview of JSTL (JSP Standard Tag Libraries)
Multiple Tags Working Together
Using Tomcat on CentOS Systems
Connecting to SQL Server from Servlet