This issue has been created
There are 10 updates.
 
 
XWiki Platform / XWIKI-23652 In Progress

Impossible to login on Tomcat 10 anymore

 
 

Issue created

 
Thomas Mortagne created this issue on 03/Nov/25 11:26
 
Summary: Impossible to login on Tomcat 10 anymore
Issue Type: Bug
Assignee: Unassigned
Created: 03/Nov/25 11:26
Priority: Major
Reporter: Thomas Mortagne
Description:

XWIKI-23586 switched to standard Servlet cookie API, unfortunately Tomcat is not a fan of the dot prefix we add before the domain and I'm getting:

2025-11-03 10:44:33,233 [http-nio-8080-exec-33 - http://www.myxwiki.org/xwiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR x.x.u.i.x.XWikiAuthServiceImpl - Failed to authenticate 
java.lang.IllegalArgumentException: An invalid domain [.myxwiki.org] was specified for this cookie
	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:253)
	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:147)
	at org.apache.catalina.connector.Response.generateCookieString(Response.java:881)
	at org.apache.catalina.connector.Response.addCookie(Response.java:837)
	at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:302)
	at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
	at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
	at org.xwiki.jakartabridge.servlet.internal.JavaxToJakartaHttpServletResponseWrapper.addCookie(JavaxToJakartaHttpServletResponseWrapper.java:178)
	at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:98)
	at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.addCookie(MyPersistentLoginManager.java:285)
	at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.setupCookie(MyPersistentLoginManager.java:192)
	at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.rememberLogin(MyPersistentLoginManager.java:228)

Strangely, it does not seem to happen in all setups, need to check if there is some configuration which causes Tomcat to skip that Rfc6265 check.

 
 

10 updates

 
Changes by Thomas Mortagne on 03/Nov/25 11:26
 
Fix Version: 17.10.0-rc-1
Fix Version: 17.4.8
Version: 17.9.0-rc-1
Version: 17.4.6
Description: XWIKI-23586 switched to standard Servlet cookie API, unfortunately Tomcat is not a fan of the dot prefix we add before the domain and I'm getting:

{noformat}
2025-11-03 10:44:33,233 [http-nio-8080-exec-33 - http://www.myxwiki.org/xwiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR x.x.u.i.x.XWikiAuthServiceImpl - Failed to authenticate
java.lang.IllegalArgumentException: An invalid domain [.myxwiki.org] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:253)
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:147)
at org.apache.catalina.connector.Response.generateCookieString(Response.java:881)
at org.apache.catalina.connector.Response.addCookie(Response.java:837)
at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:302)
at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
at org.xwiki.jakartabridge.servlet.internal.JavaxToJakartaHttpServletResponseWrapper.addCookie(JavaxToJakartaHttpServletResponseWrapper.java:178)
at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:98)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.addCookie(MyPersistentLoginManager.java:285)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.setupCookie(MyPersistentLoginManager.java:192)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.rememberLogin(MyPersistentLoginManager.java:228)
{noformat}

It probably impacts Tomcat 11 too but strangely, it does not seem to happen in all setups, need to check if there is some configuration which causes Tomcat to skip that Rfc6265 check.
Assignee: Thomas Mortagne
Component: Old Core
Priority: Major → Blocker
Status: Open → In Progress
Labels: regression
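
The failure in the description above, as an added example (not XWiki or Tomcat code): a simplified approximation of the host-name check a strict RFC 6265 cookie processor applies to the Domain attribute, plus a normalizer that strips the legacy leading dot before the value reaches `addCookie`. RFC 6265 user agents ignore a leading dot in Domain, so the cookie's scope is unchanged; the class and method names are hypothetical.

```java
import java.util.List;

// Added example; class and method names are hypothetical, not XWiki or Tomcat code.
public class CookieDomainCheck {

    // Simplified approximation (an assumption) of the host-name rules a strict
    // RFC 6265 cookie processor applies to the Domain attribute.
    static boolean isValidDomain(String domain) {
        if (domain == null || domain.isEmpty()) {
            return false;
        }
        int prev = -1;
        for (int i = 0; i < domain.length(); i++) {
            char cur = domain.charAt(i);
            boolean alnum = (cur >= 'a' && cur <= 'z') || (cur >= 'A' && cur <= 'Z')
                || (cur >= '0' && cur <= '9');
            if (!alnum && cur != '.' && cur != '-') {
                return false; // character not allowed in a host name
            }
            if ((prev == -1 || prev == '.') && !alnum) {
                return false; // a label must start with a letter or digit
            }
            if (prev == '-' && cur == '.') {
                return false; // a label must not end with '-'
            }
            prev = cur;
        }
        return prev != '.' && prev != '-'; // no trailing '.' or '-'
    }

    // Drops the legacy leading dot, then validates. Anything still invalid is
    // rejected here instead of failing later inside the container.
    static String normalizeDomain(String configured) {
        String d = configured.trim();
        if (d.startsWith(".")) {
            d = d.substring(1);
        }
        if (!isValidDomain(d)) {
            throw new IllegalArgumentException("Invalid cookie domain: " + configured);
        }
        return d;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first is the domain from the stack trace.
        for (String d : List.of(".myxwiki.org", "myxwiki.org", ".my-wiki.example")) {
            System.out.printf("%-18s valid=%-5b normalized=%s%n", d, isValidDomain(d), normalizeDomain(d));
        }
    }
}
```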