Re: [jetty-dev] Cookie Setting

Your request was not on secure.  If not on secure, the client will not send any cookie that was marked as secure.

On 24 Nov 2015 3:44 p.m., "Jojada Tirtowidjojo" <jojada@xxxxxxxxx> wrote:
Hi Guys,

I am using Jetty 9.3.6 and Myfaces 2.2.8 and my setting in the web.xml is:
    <session-config>
        <session-timeout>240</session-timeout>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

When I first visit the login page, the HTTP response headers from the server are:

    HTTP/1.1 200 OK
    Date: Tue, 24 Nov 2015 02:24:22 GMT
    Set-Cookie: JSESSIONID=11cp2c2bxz66fgyqfso1mrcgw;Path=/TeraTextRS;Secure;HttpOnly
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Content-Type: text/html;charset=utf-8
    Transfer-Encoding: chunked
    Server: Jetty(9.3.6.v20151106)

I can see the 'Set-Cookie' header is set by the server. 
However, when I submit the login form, the HTTP request headers from the client are:

    POST /TeraTextRS/pages/login.rs HTTP/1.1
    Host: localhost:7620
    Connection: keep-alive
    Content-Length: 157
    Cache-Control: max-age=0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Origin: http://localhost:7620
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
    Content-Type: application/x-www-form-urlencoded
    DNT: 1
    Referer: http://localhost:7620/TeraTextRS/pages/login.rs
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.8

There is no 'Cookie' header in the request.
The client is Chrome and I have already set its Cookies setting to 'Allow local data to be set'.

Would anyone please give a comment on what has possibly gone wrong?

Thank you.
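
Added example, not part of the original thread and not Jetty code: a Python sketch of the RFC 6265 client-side rule the reply describes, applied to the Set-Cookie value and request URL quoted above. The function names are hypothetical, the https URL is constructed for comparison, and host matching is left out because both requests go to the same host.

```python
from urllib.parse import urlsplit

# Set-Cookie value and request URL copied from the headers quoted in the thread.
SET_COOKIE = "JSESSIONID=11cp2c2bxz66fgyqfso1mrcgw;Path=/TeraTextRS;Secure;HttpOnly"
LOGIN_URL = "http://localhost:7620/TeraTextRS/pages/login.rs"

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def path_matches(request_path, cookie_path):
    """Path-match as defined in RFC 6265 section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix counts only on a "/" boundary, so /TeraTextRSX does not match.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_decision(set_cookie, request_url):
    """Return (sent, reason): would a client attach this cookie to request_url?"""
    name, _, attrs = parse_set_cookie(set_cookie)
    url = urlsplit(request_url)
    # Secure: the cookie is only returned over a secure transport.
    if "secure" in attrs and url.scheme not in ("https", "wss"):
        return False, f"{name} is Secure but the request scheme is {url.scheme}"
    # Simplification (assumption): a missing Path attribute is treated as "/".
    if not path_matches(url.path or "/", attrs.get("path", "/")):
        return False, f"{name} Path does not cover {url.path}"
    return True, f"{name} is sent"

if __name__ == "__main__":
    # Constructed comparison: the same request over https.
    for url in (LOGIN_URL, LOGIN_URL.replace("http://", "https://", 1)):
        print(url, "->", cookie_decision(SET_COOKIE, url))
```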
