It seems Tomcat has implemented the RFC standards in the latest version which doesn't allow "=" sign in the cookie value. But in our organization, we authenticate the user by an encrypted cookie. Its a different team which creates the cookie and it is being consumed by many applications. This cookie has the "=" sign in the value. We were fine until we used Tomcat 5.5.20. But when we want to upgrade to 6.0.18, we are facing issue and the funcationallity is completly broken. Is there any solution available. Note: we cannot go ahead and ask to change the cookie value delimited by another notation now,as all the applications will get impacted.
Workarounds are available. Further advice is available via the users list if required.
Please Use the tomcat user mailing list as a support forum.
Since 6.0.24 there is a configuration option, that allows '=' in the cookie value. See http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html *** This bug has been marked as a duplicate of bug 44679 ***