Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Unable to Authenticate Session with Cookie in Jetty 12


Shan,

We need a bit more information to help.

What environment are you using? EE10?
Is this going to a webapp or an programmatic context?
How is your custom login module/mechanism installed/implemented?

Does curl send the cookie with the request that gets the 401 response?

regards





On Tue, 26 Nov 2024 at 08:50, Shan Parikh via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
Hi, 

I am currently running Jetty 11 and looking to upgrade to Jetty 12 because of the upcoming end of life for Jetty 11 in Jan 2025. 

I have gotten the server running after reconfiguring some of the modules and XML files. However, we are having some issues with authentication that were not present in the Jetty 11 configuration. 

We have a custom login module that gets triggered when we POST to the /login/ endpoint with the login information (base 64 encoding of username + password). We are able to login, and get a cookie in the response that corresponds to a session. 

However, when we send a curl request (or post a request through Java) using this cookie (without the login information), we always receive a 401: unauthorized error. This same request goes through to the same server running Jetty 11, so it has to be a server side issue. 

For reference, when sending requests through Java we are using the CookieManager and CookieStore classes, which seem to automatically populate the session information. 

Are there any changes to how Jetty 12 processes cookies that would prevent us from accepting cookies? Is there any debug information I could include that would help address this issue?

Thanks for your help, 
Shan Parikh


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users


--

Back to the top