This is due to Tomcat's cookie processing being changed to a RFC 6265 compliant implementation by default in 8.5, which does not allow space (character 32), among others.
As a workaround, you can configure Tomcat to use legacy cookie processor. To do this with Spring Boot, register an EmbeddedServletContainerCustomizer
@Bean
like this:
@Bean
public EmbeddedServletContainerCustomizer customizer() {
return container -> {
if (container instanceof TomcatEmbeddedServletContainerFactory) {
TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container;
tomcat.addContextCustomizers(context -> context.setCookieProcessor(new LegacyCookieProcessor()));
}
};
}
Also see spring-projects/spring-session#gh-605 to track the progress of fixing this in Spring Session.
Update:
The above described solution is valid for Spring Boot 1.x. Starting with Spring Boot 2.0, EmbeddedServletContainerCustomizer
has been replaced with WebServerFactoryCustomizer
as described in the Spring Boot 2.0 migration guide.
Also note that starting with Spring Session 2.0, session cookie is Base64 encoded by default which prevents the original problem from occurring.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…