59904: Add a limit (default 200) for the number of cookies allowed per request. Based on a patch by gehui. (markt)

Target versions: Tomcat 7.0.71 and later, among others

  • 9.0.x for 9.0.0.M10 onwards
  • 8.5.x for 8.5.5 onwards
  • 8.0.x for 8.0.37 onwards
  • 7.0.x for 7.0.71 onwards
  • 6.0.x for 6.0.46 onwards

 

A limit field and its setter were added to org.apache.tomcat.util.http.Cookie as shown below (default 200).

    private int limit = 200;
 
    public void setLimit(int limit) {
        this.limit = limit;
        if (limit > -1 && scookies.length > limit && cookieCount <= limit) {
            // shrink cookie list array
            ServerCookie scookiesTmp[] = new ServerCookie[limit];
            System.arraycopy(scookies, 0, scookiesTmp, 0, cookieCount);
            scookies = scookiesTmp;
        }
    }

Limit-related logic was also added to the addCookie method.

    private ServerCookie addCookie() {
        if (limit > -1 && cookieCount >= limit) {
            throw new IllegalArgumentException(
                    sm.getString("cookies.maxCountFail", Integer.valueOf(limit)));
        }
 
        if (cookieCount >= scookies.length) {
            int newSize = Math.min(2*cookieCount, limit);
            ServerCookie scookiesTmp[] = new ServerCookie[newSize];
            System.arraycopy( scookies, 0, scookiesTmp, 0, cookieCount);
            scookies=scookiesTmp;
        }
 
        ServerCookie c = scookies[cookieCount];
        if( c==null ) {
            c= new ServerCookie();
            scookies[cookieCount]=c;
        }
        cookieCount++;
        return c;
    }
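
The limit check and bounded array growth shown above, modelled as an added stand-alone Java example. It is not Tomcat source: the class name `CookieLimitDemo`, the `String` slots and the initial capacity of 4 are assumptions. It also covers the unlimited case `limit = -1`, where the growth size must not be clamped to the limit.

```java
import java.util.Arrays;

// Added example: a stand-alone model of the bounded cookie array, not Tomcat source.
public class CookieLimitDemo {
    private String[] slots = new String[4]; // initial capacity 4 is an assumption
    private int count = 0;
    private final int limit;                // -1 means "no limit", as in the snippet's checks

    CookieLimitDemo(int limit) {
        this.limit = limit;
    }

    void add(String cookie) {
        // Reject the request once the configured ceiling is reached.
        if (limit > -1 && count >= limit) {
            throw new IllegalArgumentException("more than " + limit + " cookies");
        }
        if (count >= slots.length) {
            // Double the array, but clamp to the limit only when a limit is set.
            // A bare Math.min(2 * count, limit) evaluates to -1 when limit == -1.
            int newSize = limit > -1 ? Math.min(2 * count, limit) : 2 * count;
            slots = Arrays.copyOf(slots, newSize);
        }
        slots[count++] = cookie;
    }

    // Returns how many cookies were accepted out of the attempted number.
    static int accepted(int limit, int attempts) {
        CookieLimitDemo jar = new CookieLimitDemo(limit);
        try {
            for (int i = 0; i < attempts; i++) {
                jar.add("c" + i + "=v"); // constructed sample cookies
            }
        } catch (IllegalArgumentException e) {
            // Expected once attempts exceed the limit.
        }
        return jar.count;
    }

    public static void main(String[] args) {
        System.out.println("limit 200: " + accepted(200, 500));
        System.out.println("limit  -1: " + accepted(-1, 500));
        System.out.println("limit   3: " + accepted(3, 500));
    }
}
```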

 

This default value was chosen by Mark Thomas, who arrived at 200 after testing with http://browsercookielimits.squawky.net/.