59904: Add a limit (default 200) for the number of cookies allowed per request. Based on a patch by gehui. (markt)
Applicable versions: Tomcat 7.0.71 onwards, among others:
- 9.0.x for 9.0.0.M10 onwards
- 8.5.x for 8.5.5 onwards
- 8.0.x for 8.0.37 onwards
- 7.0.x for 7.0.71 onwards
- 6.0.x for 6.0.46 onwards
A limit field and its setter were added to org.apache.tomcat.util.http.Cookie as shown below (default 200).
```java
private int limit = 200;

public void setLimit(int limit) {
    this.limit = limit;
    if (limit > -1 && scookies.length > limit && cookieCount <= limit) {
        // shrink cookie list array
        ServerCookie scookiesTmp[] = new ServerCookie[limit];
        System.arraycopy(scookies, 0, scookiesTmp, 0, cookieCount);
        scookies = scookiesTmp;
    }
}
```
Limit-related logic was also added to the addCookie method.
```java
private ServerCookie addCookie() {
    // Reject the request's cookies once the configured limit is reached
    if (limit > -1 && cookieCount >= limit) {
        throw new IllegalArgumentException(
                sm.getString("cookies.maxCountFail", Integer.valueOf(limit)));
    }

    if (cookieCount >= scookies.length) {
        // Double the array, capped at limit
        // (as written, a negative limit yields a negative newSize here)
        int newSize = Math.min(2*cookieCount, limit);
        ServerCookie scookiesTmp[] = new ServerCookie[newSize];
        System.arraycopy(scookies, 0, scookiesTmp, 0, cookieCount);
        scookies = scookiesTmp;
    }

    // Reuse an existing slot if one is already allocated
    ServerCookie c = scookies[cookieCount];
    if (c == null) {
        c = new ServerCookie();
        scookies[cookieCount] = c;
    }
    cookieCount++;
    return c;
}
```
This default value was chosen by Mark Thomas, who arrived at 200 after running tests with http://browsercookielimits.squawky.net/.
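The following stand-alone Java program is an added example, not Tomcat source: it models the cap from setLimit and addCookie on a constructed Cookie header and guards the array growth step for a negative (unlimited) limit. The class `CookieLimitDemo`, its `parse` and `header` helpers, the initial capacity of 4 and the exception text are assumptions made for illustration.

```java
import java.util.Arrays;
/** Added illustration: a stand-alone model of the per-request cookie cap. Not Tomcat source. */
public class CookieLimitDemo {
    private String[] slots = new String[4];   // assumed initial capacity
    private int count = 0;
    private int limit = 200;                  // default from the changelog entry
    public void setLimit(int limit) {
        this.limit = limit;
        if (limit > -1 && slots.length > limit && count <= limit) {
            slots = Arrays.copyOf(slots, limit);   // shrink backing array to the cap
        }
    }

    public void add(String cookie) {
        if (limit > -1 && count >= limit) {
            throw new IllegalArgumentException("more than " + limit + " cookies in request");
        }
        if (count >= slots.length) {
            // Guard the unlimited case: Math.min(2 * count, -1) would be negative.
            int newSize = limit > -1 ? Math.min(2 * count, limit) : 2 * count;
            slots = Arrays.copyOf(slots, newSize);
        }
        slots[count++] = cookie;
    }
    /** Parses a Cookie header value; returns how many cookies were accepted. */
    public int parse(String header) {
        for (String pair : header.split(";")) {
            if (!pair.trim().isEmpty()) add(pair.trim());
        }
        return count;
    }
    static String header(int n) {             // constructed sample input: c0=v; c1=v; ...
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) sb.append(i == 0 ? "" : "; ").append("c").append(i).append("=v");
        return sb.toString();
    }
    public static void main(String[] args) {
        System.out.println("200 cookies accepted: " + new CookieLimitDemo().parse(header(200)));
        try {
            new CookieLimitDemo().parse(header(201));
        } catch (IllegalArgumentException e) {
            System.out.println("201 cookies rejected: " + e.getMessage());
        }
        CookieLimitDemo unlimited = new CookieLimitDemo();
        unlimited.setLimit(-1);                // negative limit disables the cap
        System.out.println("no limit, 500 cookies accepted: " + unlimited.parse(header(500)));
    }
}
```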