Re: [jetty-users] Session Cookie question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Session Cookie question

From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Date: Wed, 20 Mar 2013 12:50:17 -0700
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Wow, Jetty 7.0.1 (released November 2009, there have been 94 releases of Jetty since then)

Since you want reliable and consistent secure cookies, I'd recommend upgrading to Jetty 7.6.0 (or newer).

Bug https://bugs.eclipse.org/361135 might be affecting you.

Joakim Erdfelt <joakim@xxxxxxxxxxx>

webtide.com

Developer advice, services and support
from the Jetty & CometD experts

eclipse.org/jetty - cometd.org

On Wed, Mar 20, 2013 at 12:29 PM, Ike Ikonne <iikonne@xxxxxxxxxx> wrote:

Hi all,

We use embedded Jetty within our application, and we are trying to understand the conditions
under which Jetty returns the secure/httpOnly cookie attributes back to the client. I have the following
flows captured using the Fiddler, first, the Secure/HttpOnly attribute is not being returned all the time
with responses to the client. Also, in the response to the GET request, the JSESSIONID=3zynssqhqzej
was not returned back to the client instead path=/MPSDashboard/faces was returned. I would appreciate
it if someone could shade some light as to what is going on.

Thanks,

Ike

HTTP/1.1 302 Found
X-Frame-Options: SAMEORIGIN
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=3zynssqhqzej;Path=/MPSDashboard;Secure;HttpOnly
Location: https://localhost:7777/MPSDashboard/faces/configuration.jsp
Content-Length: 0
Server: Jetty(7.0.1.v20091125)

GET https://localhost:7777/MPSPDashboard/faces/configuration.jsp HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Referer: https://localhost:7777/MPsDashboard/faces/logon.jsp
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.2; .NET4.0E; BOIE9;ENUS)
Accept-Encoding: gzip, deflate
Host: localhost:7777
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: form1:configTreeInner-expand=null; form1:configTreeInner-hi=form1:configTreeInner:policies:NODE_0; JSESSIONID=3zynssqhqzej

HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Server: Jetty(7.0.1.v20091125)
Cookie: form1:configTreeInner-expand=null; form1:configTreeInner-hi=form1:configTreeInner:policies:NODE_0; path=/MPSDashboard/faces

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users

References:
- [jetty-users] Session Cookie question
  - From: Ike Ikonne

Prev by Date: [jetty-users] Session Cookie question
Next by Date: Re: [jetty-users] jetty and websockets
Previous by thread: [jetty-users] Session Cookie question
Next by thread: [jetty-users] Single Sign On Across Webapps
Index(es):
- Date
- Thread

Breadcrumbs