As simple as possible, as complex as necessary

Preventing invalid cookie errors being logged when making Lucee http calls

1 November 2016

Looking through our production Lucee/Tomcat logs for something unrelated the other day, I noticed a huge number of entries like the following in the lucee-stdout logs.

- Invalid cookie header: "Set-Cookie: GU_mvt_id=864129; expires=Sun, 29 Jan 2017 14:44:18 GMT; path=/;". Invalid 'expires' attribute: Sun, 29 Jan 2017 14:44:18 GMT

According to the cookie http spec, that looks like a perfectly valid "expires" date value, so why it's being logged as otherwise is puzzling.

Http components

The code triggering these events uses the script implementation of cffeed to gather some of the Guardian's RSS feeds, but the same thing happens using cfhttp to request those particular URLs. Since both use the bundled Apache Http Components this isn't surprising. I tried updating the Apache jar files to the latest release with no effect.

A little testing seemed to show that the Apache client expects the day, month and year date parts to be separated by hyphens and not spaces, i.e.

Sun, 29-Jan-2017 14:44:18 GMT

and not this:

Sun, 29 Jan 2017 14:44:18 GMT

Changing the log settings

Unfortunately this isn't much help since I clearly have no control over the format the Guardian chooses to use (and their choice is correct per the spec).

What I can do though is stop the "errors" being logged. There seems to be no way of doing so using CFML, but dropping down to java I was able to influence the logging behaviour of this specific http operation so that only really serious errors are logged.

void function preventInvalidCookieLogging(){
	var httpResponseCookieLogger = CreateObject( "java", "org.apache.log4j.Logger" ).getLogger( "org.apache.http.client.protocol.ResponseProcessCookies" );
	var currentLogLevel = httpResponseCookieLogger.getLevel();
	if( !IsNull( currentLogLevel ) AND currentLogLevel.toString() IS "FATAL" )
		return; // the log level is already as we want it
	logLevel = CreateObject( "java", "org.apache.log4j.Level" );
	httpResponseCookieLogger.setLevel( logLevel.FATAL );

Calling this method prior to making the feed or http requests means no more unnecessarily bloated logs.

Posted on . Updated


  • Formatting comments: See this list of formatting tags you can use in your comments.
  • Want to paste code? Enclose within <pre><code> tags for syntax higlighting and better formatting and if possible use script. If your code includes "self-closing" tags, such as <cfargument>, you must add an explicit closing tag, otherwise it is likely to be mangled by the Disqus parser.
Back to the top