| Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34 |
Hi Jan,
Thanks for the prompt response, I believe that the reason why the session issue was happening was because of a logic in our Servlet
filter that was invoking “addCookie” on HttpServletResponse object, it was causing duplicate copies of same cookie to appear in the response to
the browser, hence the confusion when Jetty tries to instantiate the Session.
We fixed that issue now, but we are now stuck on trying to set “org.eclipse.jetty.servlet.SessionDomain”; how do we let Jetty know what value that
it needs to set for “SessionDomain” within the Servlet context?
Also, how do we let Jetty know to set “Secure; HttpOnly” on Cookies for all responses back to the browser, right now when we set the following attributes in our embedded Jetty
SessionHandler sh = wc.getSessionHandler();
sh.getSessionCookieConfig().setHttpOnly(true);
sh.getSessionCookieConfig().setSecure(true);
sh.getSessionCookieConfig().setPath(null);
_______________________________________________=====================================================These attributes are only present in only a certain set of responses to the browser, this is what we were trying to
achieve when we invoked the “addCookie” on the HttpServletResponse in our filter. Any hint will be appreciated.
Thanks,
Ike
From: jetty-users-bounces@xxxxxxxxxxx <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Jan Bartel
Sent: Tuesday, January 5, 2021 4:02 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34
** This mail has been sent from an external source **
Hi Eze,
I've opened an issue to track this while I investigate: https://github.com/eclipse/jetty.project/issues/5853
Can you reply to the issue and provide the info I've asked for?
thanks
Jan
On Tue, 5 Jan 2021 at 04:28, Eze Ikonne <ike.ikonne@xxxxxxxxxx> wrote:
Hi all,
I have the following sequence of request/response between my browser and embedded Jetty-9.4.34. I am not sure why
this happening, but I hope that someone might give me an Insight as to what is happening here. Please see the Jetty Debug
below. Jetty is not able to instantiate the session from the cookie Any insight will be highly appreciated.
Request from Browser to Jetty
GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive HTTP/1.1
Host: xxx.xxx.xxx.xxx:18443
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xxx.xxx.xxx.xxx:18443/SspJsf/faces/dispatcher.jsp
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0
Session Established from Cookie (1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq ) by Jetty
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Got Session ID 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0 from cookie
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768989287 now 1608767191034 maxIdle 1800000
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768991034 now 1608767191034 maxIdle 1800000
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq accessed, stopping timer, active requests=1
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Cancelled timer for session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq
2020-12-23 17:46:31,035 [qtp-272100020-24] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=Session@fdeeb010{id=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq,x=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0,req=1,res=true}
Response back to Browser from Jetty
2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpConnection - org.eclipse.jetty.server.HttpConnection$SendCallback@b6bf946d[PROCESSING][i=HTTP/1.1{s=200,h=12,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@36b30123] generate: NEED_HEADER (null,[p=0,l=368,c=32768,r=368],true)@START
2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - generateHeaders HTTP/1.1{s=200,h=12,cl=-1} last=true content=HeapByteBuffer@1f015958[p=0,l=368,c=32768,r=368]={<<<<?xml version="1..../body>\n</html>\n>>>\x0e\x12\x0c>\xDb\xDc>\x13.\x04\xDd\xDc\x0c\x12\x12\n=...mentId); \r\n }
2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: same-origin
Content-Security-Policy: unsafe-inline
Set-Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; Secure; HttpOnly
Content-Type: text/html;charset=utf-8
Next Request from Browser to Jetty
GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/resources/KeepAlive.css HTTP/1.1
Host: xxx.xxx.xxx.xxx:18443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https:// xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0
Session could not be established by Jetty (Why?)
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null
=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users