Personal tools
Cookies and XPages: an usage instructions not to fail


Apr 14, 2015

Cookies and XPages: an usage instructions not to fail

This article refers to an error that I found using a XPages which passed a cookie set with a particular value, and that generate a strange server side error.

In order to replicate the error, try to follow these steps:
  • create a Form with a HTTP_Cookie field
  • create an action hotspot (i.e. "Test") that make a Javascript post call to a XPage
  • create the XPage (it could be empty)
  • set a cookie with a value that contains the "," character (for example, the string "Responsabile settore cura del territorio, Urbanistica e verde")
  • click the hotspot to make the call

You could obtain the following error (inside error-log-0.xml)

java.lang.IllegalArgumentException: Cookie name "Urbanistica e Verde" is a reserved token at java.lang.Throwable.<init> (
	at javax.servlet.http.Cookie.<init> ( at (

Notice that "Urbanistica e Verde" is exactly the part of the string that follow the "," character in cookie value.

I've made some screenshot about traffic network (with IE development tool), with the requests made. Here the requests (XPage name is AeDSetProgressivo.xsp):

Here the details about a request:

Here the details about cookies sent (as you can see, there are no cookies with the reserved name, the string Urbanistica e Verde is in the value of one of the cookies -> see the red line)

Diagnosis & troubleshooting

Problem seems related to the cookie value, not to the cookie name. Deleting ',' character in cookie, or replacing it with another character, it solve the problem.

In my case, replacing "," with "§V§" string (for example) in JS setCookie function, and replacing it back when i get the cookie value in JS getCookie function.

function setCookie(cookieName, value) {
	value = value.replace(/\,/g,"§V§") <-------------- THIS LINE

function getCookie(cookieName) {
	ret = ret.replace(/§V§/g,",") <----------- THIS LINE
	return ret;

Any comment or suggestion will be appreciated.

Filed under: ,
comments powered by Disqus