| [jetty-users] 3rd party cookies |
|
Hi,
Story:
My web app which is deployed on jetty is also used inside iframe in another web app. User browser settings are set to not accept 3-rd party cookies. When user first visit the app as 1-st party a cookie with JSESSIONID will be created for him. Then when
he go to app via iframe all requests will have jsessionid inside request params.
Problem:
When Jetty is looking for session it first browse for cookies and then for jsession param in request. And of course it will get wrong session because this one from cookie is old.
Is it a bug or expected behavior ? Does jetty should browse for those cookies ? Or maybe order of looking for session should be different ? It works in glassfish.
Solution:
If its not a bug can it be somehow configurable ? For now i need to provide my own implementation of SessionHandler. Only to reverse order in checkRequestedSessionId method.
I saw that i can disable cookies via property but its not an option.
Waiting for hints.
Cheers,
Michal
|