There is 1 update.
 
 
XWiki Platform / cid:jira-generated-image-avatar-93976eb6-80d8-4c3f-a218-d347d497dcef XWIKI-23652 In Progress

Impossible to login on Tomcat 10 anymore
 
View issue   ยท   Add comment
 

1 update

 
cid:jira-generated-image-avatar-cf5c120a-916d-4dfc-a5e3-5c4903d974a5 Changes by Thomas Mortagne on 03/Nov/25 12:07
 
Description: XWIKI-23586 switched to standard Servlet cookie API, unfortunately Tomcat is not a fan of the dot prefix we add before the domain and I'm getting:

{noformat}
2025-11-03 10:44:33,233 [http-nio-8080-exec-33 - http://www.myxwiki.org/xwiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR x.x.u.i.x.XWikiAuthServiceImpl - Failed to authenticate
java.lang.IllegalArgumentException: An invalid domain [.myxwiki.org] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:253)
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:147)
at org.apache.catalina.connector.Response.generateCookieString(Response.java:881)
at org.apache.catalina.connector.Response.addCookie(Response.java:837)
at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:302)
at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
at jakarta.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:57)
at org.xwiki.jakartabridge.servlet.internal.JavaxToJakartaHttpServletResponseWrapper.addCookie(JavaxToJakartaHttpServletResponseWrapper.java:178)
at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:98)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.addCookie(MyPersistentLoginManager.java:285)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.setupCookie(MyPersistentLoginManager.java:192)
at com.xpn.xwiki.user.impl.xwiki.MyPersistentLoginManager.rememberLogin(MyPersistentLoginManager.java:228)
{noformat}

It most probably impact Tomcat 11 too but strangely, it does not seem to happen in all setups, need to check if there is some configuration which cause Tomcat to skip that Rfc6265 check .
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.