Eze,

OK, I will close the issue I opened.

Other answers inline below.

regards
Jan


On Wed, 6 Jan 2021 at 02:58, Eze Ikonne <[email protected]> wrote:

> Hi Jan,
>
>
>
> Thanks for the prompt response. I believe that the reason why the session
> issue was happening was because of logic in our Servlet filter that was
> invoking “addCookie” on the HttpServletResponse object. It was causing
> duplicate copies of the same cookie to appear in the response to the
> browser, hence the confusion when Jetty tries to instantiate the Session.
>
>
>
> We fixed that issue now, but we are now stuck on trying to set
> “org.eclipse.jetty.servlet.SessionDomain”; how do we let Jetty know what
> value it needs to set for “SessionDomain” within the Servlet context?
>

If you want to explicitly set the domain on the session cookies, you either
set the servlet context init param
"org.eclipse.jetty.servlet.SessionDomain" or you call
SessionHandler.getSessionCookieConfig().setDomain(String).


>
> Also, how do we let Jetty know to set “Secure; HttpOnly” on cookies for
> all responses back to the browser? Right now, when we set the following
> attributes in our embedded Jetty
>
> SessionHandler sh = wc.getSessionHandler();
> sh.getSessionCookieConfig().setHttpOnly(true);
> sh.getSessionCookieConfig().setSecure(true);
> sh.getSessionCookieConfig().setPath(null);
>

You don't have to call setPath(null), it is null by default. Your code
above ensures that "Secure; HttpOnly" will be set on all session cookies
generated by that context. If you want those set on all cookies that your
app creates, then you have to ensure that you set them in the cookie that
you pass into the HttpServletResponse.addCookie(Cookie) call.


> These attributes are present in only a certain set of responses to the
> browser; this is what we were trying to achieve when we invoked
> “addCookie” on the HttpServletResponse in our filter. Any hint will be
> appreciated.
>
>
>
> Thanks,
>
>
>
> Ike
>
>
>
>
>
> *From:* [email protected] <[email protected]> *On
> Behalf Of *Jan Bartel
> *Sent:* Tuesday, January 5, 2021 4:02 AM
> *To:* JETTY user mailing list <[email protected]>
> *Subject:* Re: [jetty-users] Having issues with session instantiation
> from cookie by Jetty-9.4.34
>
>
>
>
>
>
> Hi Eze,
>
>
>
> I've opened an issue to track this while I investigate:
> https://github.com/eclipse/jetty.project/issues/5853
>
>
>
> Can you reply to the issue and provide the info I've asked for?
>
>
>
> thanks
>
> Jan
>
>
>
> On Tue, 5 Jan 2021 at 04:28, Eze Ikonne <[email protected]> wrote:
>
> Hi all,
>
>
>
> I have the following sequence of request/response between my browser and
> embedded Jetty-9.4.34. I am not sure why this is happening, but I hope that
> someone might give me an insight as to what is happening here. Please see
> the Jetty debug below. Jetty is not able to instantiate the session from
> the cookie. Any insight will be highly appreciated.
>
>
>
> Request from Browser to Jetty
>
>
>
> GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive HTTP/1.1
>
> Host: xxx.xxx.xxx.xxx:18443
>
> Connection: keep-alive
>
> Upgrade-Insecure-Requests: 1
>
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
>
> Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
>
> Sec-Fetch-Site: same-origin
>
> Sec-Fetch-Mode: navigate
>
> Sec-Fetch-Dest: iframe
>
> Referer: https://xxx.xxx.xxx.xxx:18443/SspJsf/faces/dispatcher.jsp
>
> Accept-Encoding: gzip, deflate, br
>
> Accept-Language: en-US,en;q=0.9
>
> Cookie:
> JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0;
> JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0
>
>
>
> Session Established from Cookie
> (1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq ) by Jetty
>
>
>
> 2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Got Session ID
> 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0 from cookie
>
> 2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry
> on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at
> 1608768989287 now 1608767191034 maxIdle 1800000
>
> 2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Testing expiry
> on session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq: expires at
> 1608768991034 now 1608767191034 maxIdle 1800000
>
> 2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Session
> 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq accessed, stopping
> timer, active requests=1
>
> 2020-12-23 17:46:31,034 [qtp-272100020-24] DEBUG session - Cancelled timer
> for session 1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq
>
> 2020-12-23 17:46:31,035 [qtp-272100020-24] DEBUG session -
> sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800
>
> session=Session@fdeeb010{id=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq,x=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0,req=1,res=true}
>
>
>
>
>
> Response back to Browser from Jetty
>
>
>
> 2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpConnection -
> org.eclipse.jetty.server.HttpConnection$SendCallback@b6bf946d[PROCESSING][i=HTTP/1.1{s=200,h=12,cl=-1},cb=org.eclipse.jetty.server.HttpChannel$SendCallback@36b30123]
> generate: NEED_HEADER (null,[p=0,l=368,c=32768,r=368],true)@START
>
> 2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator -
> generateHeaders HTTP/1.1{s=200,h=12,cl=-1} last=true
> content=HeapByteBuffer@1f015958[p=0,l=368,c=32768,r=368]={<<<<?xml
> version="1..../body>\n</html>\n>>>\x0e\x12\x0c>\xDb\xDc>\x13.\x04\xDd\xDc\x0c\x12\x12\n=...mentId);
> \r\n    }
>
> 2020-12-23 17:46:31,039 [qtp-272100020-24] DEBUG HttpGenerator -
> cache-control: no-store, no-cache, must-revalidate
>
> pragma: no-cache
>
> X-Frame-Options: SAMEORIGIN
>
> X-Content-Type-Options: nosniff
>
> X-XSS-Protection: 1
>
> Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
>
> Referrer-Policy: same-origin
>
> Content-Security-Policy: unsafe-inline
>
> Set-Cookie:
> JSESSIONID=1jk28dc2s7prt9zqg0yrb2faq1kmn881t05szq1c46w93gr38nq.node0;
> Secure; HttpOnly
>
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
>
> Set-Cookie:
> JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0;
> Secure; HttpOnly
>
> Content-Type: text/html;charset=utf-8
>
>
>
> Next Request from Browser to Jetty
>
>
>
> GET // xxx.xxx.xxx.xxx:18443/SSPDashboard/resources/KeepAlive.css HTTP/1.1
>
> Host: xxx.xxx.xxx.xxx:18443
>
> Connection: keep-alive
>
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
>
> Accept: text/css,*/*;q=0.1
>
> Sec-Fetch-Site: same-origin
>
> Sec-Fetch-Mode: no-cors
>
> Sec-Fetch-Dest: style
>
> Referer: https:// xxx.xxx.xxx.xxx:18443/SSPDashboard/keepalive
>
> Accept-Encoding: gzip, deflate, br
>
> Accept-Language: en-US,en;q=0.9
>
> Cookie:
> JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0;
> JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0;
> JSESSIONID=10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0
>
>
>
> Session could not be established by Jetty (Why?)
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session -
> sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800
> session=null
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Got Session ID
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4.node0 from cookie
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session - Session
> 10lfyaco45qk1o5epecgjp53110asgk10ichef1gu1ozdqlaqd4 not found locally,
> attempting to load
>
> 2020-12-23 17:46:31,185 [qtp-272100020-19] DEBUG session -
> sessionHandler=org.eclipse.jetty.server.session.SessionHandler-1125304579==dftMaxIdleSec=1800
> session=null
>
>
>
> =====================================================
> Please refer to https://northamerica.altran.com/email-disclaimer
> for important disclosures regarding this electronic communication.
> =====================================================
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>
>
>
>
> --
>
> Jan Bartel <[email protected]>
>
> www.webtide.com
> *Expert assistance from the creators of Jetty and CometD*
>
>
>


-- 
Jan Bartel <[email protected]>
www.webtide.com
*Expert assistance from the creators of Jetty and CometD*
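
The two answers in the reply above, combined for embedded Jetty 9.4 (javax.servlet): this is an added example, not code from the thread or from the Jetty project. The names `CookieHardening` and `AppCookieFilter`, and the choice to ignore application attempts to re-add the session cookie (the cause of the duplicate `JSESSIONID` headers in the quoted trace), are assumptions.

```java
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.*;
import javax.servlet.http.*;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.webapp.WebAppContext;

// Hypothetical helper class; call configure(wc, domain) before the context starts.
public class CookieHardening {

    /** Session cookies: configured once on the context's SessionHandler. */
    static void configure(WebAppContext wc, String domain) {
        SessionHandler sh = wc.getSessionHandler();
        sh.getSessionCookieConfig().setHttpOnly(true);
        sh.getSessionCookieConfig().setSecure(true);
        sh.getSessionCookieConfig().setDomain(domain);
        // Equivalent to setDomain(), via the context init param:
        // wc.setInitParameter("org.eclipse.jetty.servlet.SessionDomain", domain);

        // Application cookies are not covered by the session cookie config,
        // so they are handled by the filter below.
        wc.addFilter(AppCookieFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
    }

    /** Application cookies: flags are set on each Cookie passed to addCookie(). */
    public static class AppCookieFilter implements Filter {
        @Override public void init(FilterConfig cfg) {}
        @Override public void destroy() {}

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            String configured = req.getServletContext().getSessionCookieConfig().getName();
            final String sessionCookie = configured != null ? configured : "JSESSIONID";
            chain.doFilter(req, new HttpServletResponseWrapper((HttpServletResponse) res) {
                @Override
                public void addCookie(Cookie c) {
                    // Assumption: the container owns the session cookie. Re-adding it
                    // here would emit a second Set-Cookie with the same name.
                    if (sessionCookie.equals(c.getName())) return;
                    c.setSecure(true);
                    c.setHttpOnly(true);
                    super.addCookie(c);
                }
            });
        }
    }
}
```

A response that carries exactly one `Set-Cookie` line per cookie name, each ending in `Secure; HttpOnly`, confirms both halves are in effect.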