Re: [jetty-users] Disappearing Cookies

sure thing

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx


On Wed, Jul 17, 2013 at 3:30 PM, Chris Berry <cberry@xxxxxxxxxxxx> wrote:
Hi Jesse,

Would it be okay if I responded to you privately with the Log statements?
It is not really sensitive data, but just to be on the safe side ;-)

That was my hunch as well.
It was too inconsistent — and being "data-driven" would make sense.

Thanks,
-- Chris

From: Jesse McConnell <jesse.mcconnell@xxxxxxxxx>
Reply-To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Date: Wednesday, July 17, 2013 3:20 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Disappearing Cookies

Chris,

Do you happen to have the header strings from the cookies that seem to not be showing up?  I remember some badly formatted cookies that were getting mangled some time ago that we resolved in more recent releases of Jetty.  Also I see fixes for cookies with unicode characters in them and an issue where there were duplicate cookie names in the same request/response.  Place to start would be getting that header that should contain cookies and go from there.  Also that version is a year old so you might want to consider updating and picking up the handful of cookie fixes since then.

cheers,
jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx


On Wed, Jul 17, 2013 at 11:48 AM, Chris Berry <cberry@xxxxxxxxxxxx> wrote:
Greetings,

We are using Jetty 7.6.5 and are experiencing an odd error.
It appears that this is a Jetty error because when we switch to a different Servlet Engine (i.e. Resin) we do NOT see the same behavior.
But, of course, it could be just another case of pilot error

In a nutshell, we are seeing a Cookie "disappear".

Any ideas ??
Are others seeing this issue ??
Are we perhaps violating some Thread safety concern that we're unaware of ??

Thanks,
Chris Berry

Problem Description
--------------------------
This does not happen consistently and it happens primarily from an AJAX call (although not always).

Here's what we see:
When we execute the following code :

    protected String readCookie(HttpServletRequest request) {
        Cookie cookies[] = request.getCookies();
        Cookie cookie = null;
        if (cookies != null) {
            for (Cookie nextCookie : cookies) {
                if (cookieName.equals(nextCookie.getName())) {
                    cookie = nextCookie;
                    break;
                }
            }
        }
        String cookieValue = (cookie != null) ? cookie.getValue() : null;
        log.info("READING SESSION ID FROM COOKIE (" + cookieValue + ") secure= "
                 + ((cookie != null) ? cookie.getSecure() : "Undefined")
                 + " [" + request.getRequestURI() + "]");
        return cookieValue;
    }

We do NOT get a Cookie. Even though we can see that there IS a Cookie Header present.

So we've had to fall back to this code (when the Cookie is NULL):
Where we can successfully pull out the Cookie value we need.

    protected String readHeader(HttpServletRequest request) {
        String cookieHeaderString = request.getHeader(COOKIE_REQUEST_HEADER_NAME);
        if (null == cookieHeaderString || !cookieHeaderString.contains(DEFAULT_COOKIE_NAME)) {
            log.info("READING SESSION ID FROM HEADER (No header for Cookie) [" + request.getRequestURI() + "]");
            return null;
        }
        String cookieId = null;
        try {
            String[] cookies = cookieHeaderString.split(";");
            for (String cookie : cookies) {
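                String[] cookieChunks = cookie.split("=", 2);
                // Skip pairs with no '=' so cookieChunks[1] cannot throw and abort the scan early.
                if (cookieChunks.length == 2 && DEFAULT_COOKIE_NAME.equals(cookieChunks[0].trim())) {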
                    cookieId = cookieChunks[1].trim();
                    break;
                }
            }
        } catch (Exception e) {
            log.warn("Error while retrieving session id from header string: " + cookieHeaderString, e);
        }
        return cookieId;
    }

NOTE:  We are not using any cross-domain AJAX requests.  This occurs with relative path URLs and also normal page requests.



_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
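
Following the suggestion in the thread to start from the raw header, here is an added example (not part of the thread and not Jetty's parser) that audits a `Cookie` header for the conditions mentioned: badly formatted pairs, non-ASCII characters, and duplicate cookie names. The class name, method names, and sample header are constructed for illustration.

```java
import java.util.*;

/** Added diagnostic (not from the thread): flags Cookie header pairs a strict parser may mangle. */
public class CookieHeaderAudit {

    /** RFC 6265 cookie-octet: US-ASCII minus CTLs, space, DQUOTE, comma, semicolon, backslash. */
    static boolean isCookieOctet(char c) {
        return c == 0x21 || (c >= 0x23 && c <= 0x2B) || (c >= 0x2D && c <= 0x3A)
            || (c >= 0x3C && c <= 0x5B) || (c >= 0x5D && c <= 0x7E);
    }

    /** Returns one finding per suspicious name=value pair in a raw Cookie request header. */
    static List<String> audit(String header) {
        List<String> findings = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (String pair : header.split(";")) {
            String[] kv = pair.split("=", 2);
            String name = kv[0].trim();
            if (name.isEmpty() && kv.length == 1) continue; // blank segment, e.g. after a trailing ';'
            if (kv.length < 2) { findings.add(name + ": no '=' in pair"); continue; }
            if (!seen.add(name)) findings.add(name + ": duplicate cookie name");
            String value = kv[1].trim();
            // A value may be wrapped in one pair of double quotes; check only what is inside.
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\""))
                value = value.substring(1, value.length() - 1);
            for (int i = 0; i < value.length(); i++) {
                char c = value.charAt(i);
                if (c > 0x7F) {
                    findings.add(name + ": non-ASCII character at offset " + i);
                    break;
                }
                if (!isCookieOctet(c)) {
                    findings.add(name + ": character outside cookie-octet (0x"
                        + Integer.toHexString(c) + ") at offset " + i);
                    break;
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample header; cookie names and values are made up.
        String header = "theme=dark; SID=abc123; user=J\u00fcrgen; SID=zzz; flag; note=a b";
        audit(header).forEach(System.out::println);
    }
}
```

Logging the findings next to the request URI, rather than the cookie values themselves, keeps session identifiers out of the logs while still showing which pair the container's parser is likely to have rejected.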


