[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[jetty-dev] HTTPS to HTTP cookie issue(cookie config issue when switching between https and http)
|
I have an issue when I login to my machine via HTTPS and then try to login via HTTP.
However, when I clear site data, I can successfully login via HTTP. The
problem occur when I login via HTTPS --> logout --> login via HTTP
- I can't login again unless I clear site data.
This behaviour is observed after upgrading from jetty 4.2.24 to jetty 9.2.25.
I have tried to fix this by making 'secure' cookie option as false, which is not working.
Am using Jetty 9.2.25 which has Servlet 3.1. I have below cookie configuration in my web.xml
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>false</secure>
</cookie-config>
</session-config>
When I set this secure flag as true, it's working as expected. But when I
set it as false as shown above and access https site, the secure flag
is getting modified to true and I am not able to access http site. I
don't understand how is this happening? Is this the default behaviour of
jetty 9.2.25 or servlet 3.1? I tried to check the Servlet release
notes, but there's no such update. pl. provide any documentation links
if this behaviour has been recorded as any update.
Any idea regarding this behaviour?
How can I make the secure as false when I access https by default or how to override this flag when I come back to http?
Thanks in advance.