Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » HTTPS to HTTP cookie issue(cookie config issue when switching between https and http)
HTTPS to HTTP cookie issue [message #1799140] Fri, 30 November 2018 11:39 Go to next message
sumanth m is currently offline sumanth mFriend
Messages: 1
Registered: November 2018
Junior Member
I have an issue when I login to my machine via HTTPS and then try to login via HTTP.
However, when I clear site data, I can successfully login via HTTP. The problem occur when I login via HTTPS --> logout --> login via HTTP - I can't login again unless I clear site data.
This behaviour is observed after upgrading from jetty 4.2.24 to jetty 9.2.25.

I have tried to fix this by making 'secure' cookie option as false, which is not working.

Am using Jetty 9.2.25 which has Servlet 3.1. I have below cookie configuration in my web.xml

<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>false</secure>
</cookie-config>
</session-config>

When I set this secure flag as true, it's working as expected. But when I set it as false as shown above and access https site, the secure flag is getting modified to true and I am not able to access http site. I don't understand how is this happening? Is this the default behaviour of jetty 9.2.25 or servlet 3.1? I tried to check the Servlet release notes, but there's no such update. pl. provide any documentation links if this behaviour has been recorded as any update.

Any idea regarding this behaviour?

How can I make the secure as false when I access https by default or how to override this flag when I come back to http?

Thanks in advance.

Report message to a moderator

Re: HTTPS to HTTP cookie issue [message #1799158 is a reply to message #1799140] Fri, 30 November 2018 16:22 Go to previous message
Denis Roy is currently offline Denis RoyFriend
Messages: 484
Registered: October 2004
Location: Ottawa, Ontario, Canada
Senior Member
I don't know how many Jetty experts you'll find here. The Jetty project does have a 'users' mailing list you could try if you don't get a response:

https://www.eclipse.org/jetty/mailinglists.html

Denis Roy
Eclipse Webmaster -- webmaster@eclipse.org

Report message to a moderator

Previous Topic:linking TextIO to Eclipse Java Project
Next Topic:Can't avoid "cannot be resolved to a type" (Eclipse/JbossStudio)
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Apr 25 16:11:20 GMT 2024

Powered by FUDForum. Page generated in 0.08380 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly