Hi Jan,

Thanks for the prompt response. I believe the reason the session issue was happening was logic in our Servlet filter that was invoking “addCookie” on the HttpServletResponse object; it was causing duplicate copies of the same cookie to appear in the response to the browser, hence the confusion when Jetty tries to instantiate the Session.

We have fixed that issue, but we are now stuck trying to set “org.eclipse.jetty.servlet.SessionDomain”. How do we let Jetty know what value it needs to set for “SessionDomain” within the Servlet context?

Also, how do we let Jetty know to set “Secure; HttpOnly” on cookies for all responses back to the browser? Right now we set the following attributes in our embedded Jetty:

SessionHandler sh = wc.getSessionHandler();
sh.getSessionCookieConfig().setHttpOnly(true);
sh.getSessionCookieConfig().setSecure(true);
sh.getSessionCookieConfig().setPath(null);

These attributes are present in only a certain set of responses to the browser. This is what we were trying to achieve when we invoked “addCookie” on the HttpServletResponse in our filter. Any hint will be appreciated.

Thanks,

Ike


From: [email protected] <[email protected]> On Behalf Of Jan Bartel
Sent: Tuesday, January 5, 2021 4:02 AM
To: JETTY user mailing list <[email protected]>
Subject: Re: [jetty-users] Having issues with session instantiation from cookie by Jetty-9.4.34

Hi Eze,

I've opened an issue to track this while I investigate: https://github.com/eclipse/jetty.project/issues/5853

Can you reply to the issue and provide the info I've asked for?

thanks
Jan

On Tue, 5 Jan 2021 at 04:28, Eze Ikonne <[email protected]> wrote:
Hi all,

I have the following sequence of request/response between my browser and embedded Jetty-9.4.34. I am not sure why this is happening, but I hope that someone might give me an insight as to what is happening here. Please see the Jetty debug output below. Jetty is not able to instantiate the session from the cookie. Any insight will be highly appreciated.

Request from Browser to Jetty

GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive HTTP/1.1
Host: xxx.xxx.xxx.xxx:18443
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://xxx.xxx.xxx.xxx:18443/SspJsf/faces/dispatcher.jsp
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0

Session Established from Cookie (1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq) by Jetty

2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Got Session ID 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0 from cookie
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768989287 now 1608767191034 maxIdle 1800000
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at 1608768991034 now 1608767191034 maxIdle 1800000
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq accessed, stopping timer, active requests=1
2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Cancelled timer for session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq
2020-12-23 17:46:31,035 [qtp-272100020-24] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=Session@fdeeb010{id=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq,x=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0,req=1,res=true}


Response back to Browser from Jetty

2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpConnection - org.eclipse.jetty.server.HttpConnection$SendCallback@b6bf946d[PROCESSING][i=HTTP/1.1{s=200,h=12,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@36b30123] generate: NEED_HEADER (null,[p=0,l=368,c=32768,r=368],true)@START
2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - generateHeaders HTTP/1.1{s=200,h=12,cl=-1} last=true content=HeapByteBuffer@1f015958[p=0,l=368,c=32768,r=368]={<<<<?xml version="1..../body>\n</html>\n>>>\x0e\x12\x0c>\xDb\xDc>\x13.\x04\xDd\xDc\x0c\x12\x12\n=...mentId); \r\n    }
2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator - cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: same-origin
Content-Security-Policy: unsafe-inline
Set-Cookie: JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; Secure; HttpOnly
Content-Type: text/html;charset=utf-8

Next Request from Browser to Jetty

GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/resources/KeepAlive.css HTTP/1.1
Host: xxx.xxx.xxx.xxx:18443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https:// xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0; JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0

Session could not be established by Jetty (Why?)
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally, attempting to load
2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800 session=null

=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================
_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Jan Bartel <[email protected]>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
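
The response captured earlier in this thread carries two Set-Cookie headers for JSESSIONID with different values, the duplicate-cookie condition described at the top. As an added example (not part of the original messages and not Jetty code), this Python check flags that condition and any cookie lacking Secure or HttpOnly in a block of response headers; the sample headers are constructed, with shortened session IDs, and `audit` and `parse_set_cookies` are names chosen here.

```python
from collections import defaultdict

# Constructed sample modelled on the response in this thread (IDs shortened).
SAMPLE_RESPONSE = """\
X-Frame-Options: SAMEORIGIN
Set-Cookie: JSESSIONID=aaa111.node0; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=bbb222.node0; Secure; HttpOnly
Set-Cookie: theme=dark; Path=/
Content-Type: text/html;charset=utf-8
"""

def parse_set_cookies(raw_headers):
    """Return (name, value, attrs) for every Set-Cookie header line."""
    cookies = []
    for line in raw_headers.splitlines():
        field, sep, rest = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in rest.split(";")]
        name, _, value = parts[0].partition("=")
        attrs = {}
        for part in parts[1:]:
            if part:
                key, _, val = part.partition("=")
                # Attribute names are case-insensitive, so store them lower-cased.
                attrs[key.strip().lower()] = val.strip()
        cookies.append((name.strip(), value.strip(), attrs))
    return cookies

def audit(raw_headers, required=("secure", "httponly")):
    """List (cookie name, problem) pairs for one response's headers."""
    # Cookies sharing name, Domain and Path occupy one slot in the browser,
    # so a later Set-Cookie for that slot replaces the earlier one.
    slots = defaultdict(list)
    for name, value, attrs in parse_set_cookies(raw_headers):
        key = (name, attrs.get("domain", ""), attrs.get("path", ""))
        slots[key].append((value, attrs))
    findings = []
    for (name, _, _), entries in slots.items():
        if len(entries) > 1:
            distinct = {value for value, _ in entries}
            kind = "conflicting values" if len(distinct) > 1 else "same value"
            findings.append((name, f"set {len(entries)} times ({kind})"))
        for _, attrs in entries:
            missing = [a for a in required if a not in attrs]
            if missing:
                findings.append((name, "missing " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RESPONSE):
        print(f"{name}: {problem}")
```

The comparison uses the Domain and Path attributes as written in the header; it does not compute the default path a browser derives from the request URL.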
