Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Duplicate valid session cookies?

On 05/04/2022 01:08, Jan Bartel wrote:
Somehow your client is sending 2 session cookies. Maybe you have have a couple of different overlapping cookie paths configured on the server?

No, it just looks like someone has been playing with openssl or the like. There are a series of HEAD and OPTIONS commands from a (known, internal) IP address. There was no login attempt, so perhaps whoever did it is trying a replay attack using session cookies from an earlier session. The only annoyance is it shows up as an unhandled exception, so I get emailed automatically.

--
John English

--
This email has been checked for viruses by AVG.
https://www.avg.com



Back to the top