[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] Duplicate valid session cookies?
|
On 05/04/2022 12:51, Jan Bartel wrote:
Well, a proper client shouldn't be sending more than one cookie of the
same name for the same path and domain. If jetty receives multiple
session cookies, we look through them all (because we've had previous
reports of badly configured clients and apps) to find the one that is
valid. If we find more than one valid cookie, we don't know which one to
use, so we log it as an error.
Presumably the cookies could be pasted in by hand, though.
FWIW, here are the log entries that alerted me:
x.x.x.x - - [04/Apr/2022:09:37:30 +0000] "OPTIONS /home/ HTTP/1.1" 400 0
x.x.x.x - - [04/Apr/2022:09:37:30 +0000] "HEAD /home HTTP/1.1" 400 0
x.x.x.x - - [04/Apr/2022:09:37:32 +0000] "OPTIONS /home/ HTTP/1.1" 400 0
x.x.x.x - - [04/Apr/2022:09:37:33 +0000] "HEAD /home HTTP/1.1" 400 0
They don't look to me like something a browser would send.
Thanks for the help,
--
John English
--
This email has been checked for viruses by AVG.
https://www.avg.com
