Re: [jetty-dev] session invalidation for multiple requests on the same s

[rajiv jain <er.rajeevjain@xxxxxxxxx>]

more errors 

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.session:qtp1068934215-3598: SessionHandler.doScope

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.CookieCutter:qtp1068934215-3598: 

java.lang.IllegalArgumentException: Cookie name "HttpOnly;$Path" is a reserved token

at javax.servlet.http.Cookie.<init>(Cookie.java:192)

at org.eclipse.jetty.server.CookieCutter.parseFields(CookieCutter.java:265)

at org.eclipse.jetty.server.CookieCutter.getCookies(CookieCutter.java:68)

at org.eclipse.jetty.server.Request.getCookies(Request.java:784)

at org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(SessionHandler.java:1731)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1649)

at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

at org.eclipse.jetty.server.Server.handle(Server.java:505)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

On Thu, May 16, 2019 at 10:37 AM rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:

Hi,

Another blocker.

Earlier it worked by keeping secure and httponly flag as false under cookie-config in web.xml.

After marking them as true it stopped working again. Stopped working means, for concurrent requests, session are being invalidated. 

Also I am getting closedchannelException very frequent as below

java.nio.channels.ClosedChannelException

at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)

at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)

at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)

at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)

at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)

at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!

On Tue, May 14, 2019 at 4:38 PM rajiv jain <er.rajeevjain@xxxxxxxxx> wrote:

cool, after enabling the logs, I got the issue. It was failing since I did wrong configuration of sessioncache and sessiondatastore instances.

Thank you very much you all..! Awesome.

On Tue, May 14, 2019 at 4:28 PM Jan Bartel <janb@xxxxxxxxxxx> wrote:

Can you please enable debug for org.eclipse.jetty.server.session and post some log fragments showing the problem, plus all your configuration code for sessions.

Jan

On Tue., 14 May 2019, 10:10 rajiv jain, <er.rajeevjain@xxxxxxxxx> wrote:

Thanks for the reply.

Sure I will provide further information. Yes we have authentication implemented with loginservice. 

These multiple request are from the same client for a given session, post to authentication. 

On Tue, May 14, 2019 at 1:31 PM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:

We need a lot more information than you have provided to help diagnose. What are the multiple requests? Are they all authenticated? When does auth happen? How?

On Tue., 14 May 2019, 09:10 rajiv jain, <er.rajeevjain@xxxxxxxxx> wrote:

Hi,

We recently have upgraded the Jetty from 6.1.2 to 9.4.12. We are using embedded jetty in out product.

I have configured sansessionHandler with 'secure' and httpOnly flag set to false under CookieConfig. Additionally, I configured DefaultSessionCache with NullSessionDataStore to persist sessions in-memory. 

Still we are realizing session invalidated for subsequent requests on the same session.

Please help with your expert recommendations on this.

Regards,

Rajiv Jain

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev