當項目中使用單點登錄功能時，通常會使用cookie進行信息的保存，這樣就可以在多個子域名上存取用戶信息。
比如有三個domain分別為test.com,cml.test.com,b.test.com這三個域名下的cookie是需要互相訪問的。這時會在response上寫入cookie信息

Cookie cookie = new Cookie("testCookie", "test");
cookie.setDomain(".test.com");
cookie.setPath("/");
cookie.setMaxAge(36000);
resp.addCookie(cookie);
這樣寫在tomcat8.0上是沒問題的，三個域名可以共享cookie信息。但是把它放到tomcat8.5上就報錯了

java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)
at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
at org.apache.catalina.connector.Response.addCookie(Response.java:937)
at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
at com.cml.mvc.controller.HelloWorld.str(HelloWorld.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)

在tomcat8.5上是使用org.apache.tomcat.util.http.Rfc6265CookieProcessor

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor.

This cookie processor is based on RFC6265 with the following changes to support better interoperability:

Values 0x80 to 0xFF are permitted in cookie-octet to support the use of UTF-8 in cookie values as used by HTML 5.
For cookies without a value, the ‘=‘ is not required after the name as some browsers do not sent it.
The RFC 6265 cookie processor is generally more lenient than the legacy cookie parser. In particular:

The ‘=‘ and ‘/‘ characters are always permitted in a cookie value.
Name only cookies are always permitted.
The cookie header is always preserved.
No additional attributes are supported by the RFC 6265 Cookie Processor.

在tomcat8.0上使用的是org.apache.tomcat.util.http.LegacyCookieProcessor

The standard implementation of CookieProcessor is org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.

This is the legacy cookie parser based on RFC6265, RFC2109 and RFC2616. It implements a strict interpretation of the cookie specifications. Due to various interoperability issues with browsers not all strict behaviours are enabled by default and additional options are available to further relax the behaviour of this cookie processor if required.
問題就可以定位在CookieProcessor不同實現引起的。

原因分析見下半篇博客：An invalid domain [.test.com] was specified for this cookie 原因分析

解決方法：

指定完整的domain信息，但是這樣單點登錄就會有問題了
Cookie cookie = new Cookie("testCookie", "test");
cookie.setDomain("cml.test.com");
cookie.setPath("/");
cookie.setMaxAge(36000);
resp.addCookie(cookie);

2.設置為一級域名（推薦）

Cookie cookie = new Cookie("testCookie", "test");
cookie.setDomain("test.com");
cookie.setPath("/");
cookie.setMaxAge(36000);
resp.addCookie(cookie);

java.lang.IllegalArgumentException: An invalid domain [.test.com] was specified for this cookie解決方法