Hi,
I am checking the RFC6265 as we wanted to switch to the RFC6265 Cookie
processor. One thing I have noticed is around, the way cookie expires date is
written to the response.
As per the RFC the date should follow RFC1123 date format
https://tools.ietf.org/html/rfc6265#section-4.1.1
expire
Set this on AJP Connector in tomcat server.xml
allowedRequestAttributesPattern="CERT_(ISSUER|SUBJECT|COOKIE|FLAGS|SERIALNUMBER)|HTTPS_(SERVER_(SUBJECT|ISSUER)|(SECRETKEYSIZE|KEYSIZE))"
All on one line.
I can see tomcat fixing this in 9.0.32 which isn't yet released.
Thanks,
P.
-Original Mes