We found that Jetty is actually accepting the cookie, but is then looking for the Authorization field from the request header, which is empty. See the logs below:
2024-11-28 01:11:40.627:DEBUG:oejs.AbstractSessionManager:qtp990398217-27: Got Session IDs [<session>.node0] from cookies 1
2024-11-28 01:11:40.627:DEBUG:oejs.ManagedSession:qtp990398217-27: Session <session> in use, stopping timer, active requests=1
2024-11-28 01:11:40.627:DEBUG:oejs.SessionInactivityTimer:qtp990398217-27: Cancelled timer for session <session>
2024-11-28 01:11:40.627:DEBUG:oejs.SessionData:qtp990398217-27: Testing expiry on session <session>: expires at 1732770699429 now 1732756300627 maxIdle 14400000
2024-11-28 01:11:40.627:DEBUG:oejs.AbstractSessionManager:qtp990398217-27: Selected session ManagedSession@3ed13a48{id=node0wnpxvxn4oz86ni6ea6e6olu31,x=<session>.node0,req=1,res=true}
2024-11-28 01:11:40.627:DEBUG:oejs.SessionData:qtp990398217-27: Testing expiry on session <session>: expires at 1732770700627 now 1732756300627 maxIdle 14400000
2024-11-28 01:11:40.627:DEBUG:oejs.SecurityHandler:qtp990398217-27: getConstraint(/cell/list) -> Constraint@16eedee2{exa_rsc,ANY,ANY_USER,[]}
2024-11-28 01:11:40.627:DEBUG:oejs.SecurityHandler:qtp990398217-27: constraintAuthorization ANY_USER
2024-11-28 01:11:40.627:DEBUG:oejs.Response:qtp990398217-27: writeError: status=401, message=null, response=org.eclipse.jetty.ee10.servlet.ServletContextResponse@b202813
Do you have any advice on how to fix this, so that we don't need to check the authorization when the cookie is accepted?
Also, RE Jetty 12.0.15 - it looks like that was an error on our end, and I successfully upgraded to Jetty 12.0.15. Sorry for the confusion there.
Thanks,
Shan Parikh
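
The pattern in the log excerpt above (a live session selected from the cookie, followed by a 401 on the same worker thread) can be located in a larger debug log with a short script. This is an added example, not part of the original message and not Jetty code; the sample lines and the name find_session_401s are constructed for illustration, modeled on the excerpt's format.

```python
import re

# Constructed sample lines, modeled on the Jetty DEBUG excerpt in the message above.
SAMPLE = """\
2024-11-28 01:11:40.627:DEBUG:oejs.AbstractSessionManager:qtp1-27: Got Session IDs [abc.node0] from cookies 1
2024-11-28 01:11:40.627:DEBUG:oejs.SessionData:qtp1-27: Testing expiry on session abc: expires at 1732770699429 now 1732756300627 maxIdle 14400000
2024-11-28 01:11:40.627:DEBUG:oejs.AbstractSessionManager:qtp1-27: Selected session ManagedSession@1{id=abc,x=abc.node0,req=1,res=true}
2024-11-28 01:11:40.627:DEBUG:oejs.SecurityHandler:qtp1-27: getConstraint(/cell/list) -> Constraint@1{exa_rsc,ANY,ANY_USER,[]}
2024-11-28 01:11:40.627:DEBUG:oejs.SecurityHandler:qtp1-27: constraintAuthorization ANY_USER
2024-11-28 01:11:40.627:DEBUG:oejs.Response:qtp1-27: writeError: status=401, message=null, response=r@1
2024-11-28 01:11:41.002:DEBUG:oejs.SecurityHandler:qtp1-30: getConstraint(/cell/list) -> Constraint@1{exa_rsc,ANY,ANY_USER,[]}
2024-11-28 01:11:41.002:DEBUG:oejs.Response:qtp1-30: writeError: status=401, message=null, response=r@2
"""

# timestamp : DEBUG : logger : thread : message
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+):DEBUG:([\w.]+):([^:]+): (.*)$")

def find_session_401s(text):
    """Return (timestamp, path, session) for each 401 written although an
    unexpired session had been selected from the cookie on the same thread."""
    state, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _logger, thread, msg = m.groups()
        req = state.setdefault(thread, {})
        if msg.startswith("Got Session IDs"):
            req.clear()  # pool threads are reused: a cookie line starts a new request
        elif (e := re.search(r"expires at (\d+) now (\d+)", msg)):
            req["live"] = int(e[1]) > int(e[2])
        elif (s := re.match(r"Selected session \S+\{id=([^,]+),", msg)):
            req["session"] = s[1]
        elif (c := re.match(r"getConstraint\((.*?)\) ->", msg)):
            if "path" in req:  # second lookup with no cookie line in between: new request
                req.clear()
            req["path"] = c[1]
        elif msg.startswith("writeError: status=401"):
            if req.get("session") and req.get("live"):
                findings.append((ts, req.get("path"), req["session"]))
            req.clear()
    return findings

if __name__ == "__main__":
    for finding in find_session_401s(SAMPLE):
        print(finding)
```

The second constructed request (thread qtp1-30) carries no session cookie, so its 401 is not reported; only 401s that follow a selected, unexpired session are listed.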