Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34
  • From: Eze Ikonne <ike.ikonne@xxxxxxxxxx>
  • Date: Wed, 6 Jan 2021 15:59:58 +0000

Hi Jan,

 

Thanks so very much, much appreciated.

 

Ike

 

From: jetty-users <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Jan Bartel
Sent: Wednesday, January 6, 2021 5:16 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34

 


 

Eze,

 

OK, I will close the issue I opened.

 

Other answers inline below.

 

regards

Jan

 

 

On Wed, 6 Jan 2021 at 02:58, Eze Ikonne <ike.ikonne@xxxxxxxxxx> wrote:

Hi Jan,

 

Thanks for the prompt response. I believe that the reason the session issue was happening was logic in our Servlet filter that was invoking “addCookie” on the HttpServletResponse object. It was causing duplicate copies of the same cookie to appear in the response to the browser, hence the confusion when Jetty tries to instantiate the Session.

 

We fixed that issue now, but we are now stuck on trying to set “org.eclipse.jetty.servlet.SessionDomain”; how do we let Jetty know what value it needs to set for “SessionDomain” within the Servlet context?

 

If you want to explicitly set the domain on the session cookies, you either set the servlet context init param "org.eclipse.jetty.servlet.SessionDomain" or you call SessionHandler.getSessionCookieConfig().setDomain(String).

 

 

Also, how do we let Jetty know to set “Secure; HttpOnly” on Cookies for all responses back to the browser? Right now, when we set the following attributes in our embedded Jetty

 

SessionHandler sh = wc.getSessionHandler();

sh.getSessionCookieConfig().setHttpOnly(true);

sh.getSessionCookieConfig().setSecure(true);

sh.getSessionCookieConfig().setPath(null);

 

You don't have to call setPath(null), it is null by default. Your code above ensures that "Secure; HttpOnly" will be set on all session cookies generated by that context. If you want those set on all cookies that your app creates, then you have to ensure that you set them in the cookie that you pass into the HttpServletResponse.addCookie(Cookie) call.

 

These attributes are present in only a certain set of responses to the browser; this is what we were trying to achieve when we invoked the “addCookie” on the HttpServletResponse in our filter. Any hint will be appreciated.

 

Thanks,

 

Ike

 

 

From: jetty-users-bounces@xxxxxxxxxxx <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Jan Bartel
Sent: Tuesday, January 5, 2021 4:02 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34

 


 

Hi Eze,

 

I've opened an issue to track this while I investigate:  https://github.com/eclipse/jetty.project/issues/5853

 

Can you reply to the issue and provide the info I've asked for?

 

thanks

Jan

 

On Tue, 5 Jan 2021 at 04:28, Eze Ikonne <ike.ikonne@xxxxxxxxxx> wrote:

Hi all,

 

I have the following sequence of request/response between my browser and embedded Jetty-9.4.34. I am not sure why this is happening, but I hope that someone might give me an insight as to what is happening here. Please see the Jetty Debug below. Jetty is not able to instantiate the session from the cookie. Any insight will be highly appreciated.

 

Request from Browser to Jetty

 

GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive HTTP/1.1

Host: xxx.xxx.xxx.xxx:18443

Connection: keep-alive

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-Dest: iframe

Referer: https://xxx.xxx.xxx.xxx:18443/SspJsf/faces/dispatcher.jsp

Accept-Encoding: gzip, deflate, br

Accept-Language: en-US,en;q=0.9

Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0

 

Session Established from Cookie (1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq ) by Jetty

 

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Got Session ID 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0 from cookie

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768989287 now 1608767191034 maxIdle 1800000

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768991034 now 1608767191034 maxIdle 1800000

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq accessed, stopping timer, active requests=1

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Cancelled timer for session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq

2020-12-23 17:46:31,035 [qtp-272100020-24] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=Session@fdeeb010{id=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq,x=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0,req=1,res=true}

 

 

Response back to Browser from Jetty

 

2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpConnection - org.eclipse.jetty.server.HttpConnection$SendCallback@b6bf946d[PROCESSING][i=HTTP/1.1{s=200,h=12,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@36b30123] generate: NEED_HEADER (null,[p=0,l=368,c=32768,r=368],true)@START

2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - generateHeaders HTTP/1.1{s=200,h=12,cl=-1} last=true content=HeapByteBuffer@1f015958[p=0,l=368,c=32768,r=368]={<<<<?xml version="1..../body>\n</html>\n>>>\x0e\x12\x0c>\xDb\xDc>\x13.\x04\xDd\xDc\x0c\x12\x12\n=...mentId); \r\n    }

2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - cache-control: no-store, no-cache, must-revalidate

pragma: no-cache

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options: nosniff

X-XSS-Protection: 1

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Referrer-Policy: same-origin

Content-Security-Policy: unsafe-inline

Set-Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; Secure; HttpOnly

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Set-Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; Secure; HttpOnly

Content-Type: text/html;charset=utf-8

 

Next Request from Browser to Jetty

 

GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/resources/KeepAlive.css HTTP/1.1

Host: xxx.xxx.xxx.xxx:18443

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36

Accept: text/css,*/*;q=0.1

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: no-cors

Sec-Fetch-Dest: style

Referer: https:// xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive

Accept-Encoding: gzip, deflate, br

Accept-Language: en-US,en;q=0.9

Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0

 

Session could not be established by Jetty (Why?)

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load

2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null

 

=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users


 

--

Jan Bartel <janb@xxxxxxxxxxx>

www.webtide.com
Expert assistance from the creators of Jetty and CometD
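
The configuration discussed in this thread, as an added example that is not part of the original messages or Jetty's own code: session cookie attributes set once on the context's SessionHandler, application cookies flagged individually, and a check for the duplicate Set-Cookie names seen in the debug output. The class and method names are illustrative assumptions, and the session cookie is assumed to keep the default name JSESSIONID.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.webapp.WebAppContext;

public class SessionCookieSetup {
    // Assumption: the session cookie keeps the default name.
    static final String SESSION_COOKIE = "JSESSIONID";

    // Session cookies: configure once, before the context is started.
    static void configureSessionCookies(WebAppContext wc, String domain) {
        SessionHandler sh = wc.getSessionHandler();
        sh.getSessionCookieConfig().setHttpOnly(true);
        sh.getSessionCookieConfig().setSecure(true);
        sh.getSessionCookieConfig().setDomain(domain);
        // Alternative from the thread, instead of setDomain(String):
        // wc.setInitParameter("org.eclipse.jetty.servlet.SessionDomain", domain);
    }

    // Application cookies: the flags must be set on each Cookie object.
    // Re-adding the session cookie by hand is refused, because it puts a
    // second JSESSIONID into the response next to the one Jetty manages.
    static void addAppCookie(HttpServletResponse resp, String name, String value) {
        if (SESSION_COOKIE.equalsIgnoreCase(name)) {
            throw new IllegalArgumentException("session cookie is managed by Jetty");
        }
        Cookie c = new Cookie(name, value);
        c.setSecure(true);
        c.setHttpOnly(true);
        resp.addCookie(c);
    }

    // Check for a filter or integration test: cookie names that occur in
    // more than one Set-Cookie header of the same response.
    static Set<String> duplicateSetCookieNames(HttpServletResponse resp) {
        Set<String> seen = new HashSet<>();
        Set<String> duplicates = new TreeSet<>();
        for (String header : resp.getHeaders("Set-Cookie")) {
            int eq = header.indexOf('=');
            if (eq <= 0) continue; // not a name=value cookie header
            String name = header.substring(0, eq).trim();
            if (!seen.add(name)) duplicates.add(name);
        }
        return duplicates;
    }
}
```

For the response shown in the debug output above, `duplicateSetCookieNames` would return a set containing `JSESSIONID`.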

 
