On 05/04/2022 01:08, Jan Bartel wrote:
Somehow your client is sending 2 session cookies. Maybe you have have a couple of different overlapping cookie paths configured on the server?
No, it just looks like someone has been playing with openssl or the like. There are a series of HEAD and OPTIONS commands from a (known, internal) IP address. There was no login attempt, so perhaps whoever did it is trying a replay attack using session cookies from an earlier session. The only annoyance is it shows up as an unhandled exception, so I get emailed automatically.
-- John English -- This email has been checked for viruses by AVG. https://www.avg.com _______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
