Hi all, We use embedded Jetty within our application, and we are trying to understand the conditions under which Jetty returns the secure/httpOnly cookie attributes back to the client. I have the following flows captured using the Fiddler, first, the Secure/HttpOnly attribute is not being returned all the time with responses to the client. Also, in the response to the GET request, the JSESSIONID=3zynssqhqzej was not returned back to the client instead path=/MPSDashboard/faces was returned. I would appreciate it if someone could shade some light as to what is going on.
Thanks, Ike HTTP/1.1 302 Found X-Frame-Options: SAMEORIGIN Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=3zynssqhqzej;Path=/MPSDashboard;Secure;HttpOnly Location: https://localhost:7777/MPSDashboard/faces/configuration.jsp Content-Length: 0 Server: Jetty(7.0.1.v20091125) GET https://localhost:7777/MPSPDashboard/faces/configuration.jsp HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */* Referer: https://localhost:7777/MPsDashboard/faces/logon.jsp Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.2; .NET4.0E; BOIE9;ENUS) Accept-Encoding: gzip, deflate Host: localhost:7777 Connection: Keep-Alive Cache-Control: no-cache Cookie: form1:configTreeInner-expand=null; form1:configTreeInner-hi=form1:configTreeInner:policies:NODE_0; JSESSIONID=3zynssqhqzej HTTP/1.1 200 OK X-Frame-Options: SAMEORIGIN Content-Type: text/html;charset=UTF-8 Content-Language: en-US Transfer-Encoding: chunked Server: Jetty(7.0.1.v20091125) Cookie: form1:configTreeInner-expand=null; form1:configTreeInner-hi=form1:configTreeInner:policies:NODE_0; path=/MPSDashboard/faces
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
