0 Replies Latest reply on Jan 7, 2015 10:24 PM by hai_feng

    Why httpServletRequestImpl.getCookies() should ignore illegal cookies rather than failing?

    hai_feng
    hai_feng Jan 7, 2015 10:24 PM

      Hi, everyBody:

      Today,my project on WildFly-8.0.1.Final,when i get cookie,there throw a exception as following: 2015-01-06 13:22:55,348 ERROR [io.undertow.request] (default task-58) UT005023: Exception handling request to /ids/login: javax.servlet.ServletException: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalArgumentException: Cookie name "qh[360]" is a reserved token

      I found it is a bug by under issue: https://issues.jboss.org/browse/UNDERTOW-336 the way to solve this exception is catch this exception but not do anything.what confuse me is that why we do nothing to this exception?I know the other web container sovle this exception by the same way,I just want to know the benefit of this or there isn't attack by this exception?

      thanks,I just want to know it,please!