It is possible to store too many cookies, or cookies that are too large for the header to properly carry. That's not good web programming, but still, it is quite common when one is using a JS framework. If such a set of cookies is constructed and sent to Tomcat as part of a request, Tomcat panics and simply aborts the connection. This leads to a blank screen with no source code on the client's browser. Or, it leads to a cryptic error, like Safari's infamous "CFErrorDomainCFNetwork error 302" that drives many a newsgroup to tears trying to figure out what is going wrong with the server. Expected: return a '400 Bad Request error' like apache does. That would help the user know what is wrong with the request and help find a better resolution to the condition. I am attaching an HTML file that demonstrates this bug. Please run it in Tomcat and Apache as a comparison. I believe Apache handles the situation correctly.
Created attachment 22792 [details] An HTML file that demonstrates the bug.
The safari error is actually kCFErrorDomainCFNetwork error 302.
This has been fixed in trunk and proposed for 6.0.x. Note that no content is returned but the return code is 400. There will also be a log message if debug logging is enabled.
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.