Well, a proper client shouldn't be sending more than one cookie of the same
name for the same path and domain. If Jetty receives multiple session
cookies, we look through them all (because we've had previous reports of
badly configured clients and apps) to find the one that is valid. If we
find more than one valid cookie, we don't know which one to use, so we log
it as an error.

On Tue, 5 Apr 2022 at 11:16, John English <john.fore...@gmail.com> wrote:

> On 05/04/2022 01:08, Jan Bartel wrote:
> > Somehow your client is sending 2 session cookies. Maybe you have a
> > couple of different overlapping cookie paths configured on the server?
>
> No, it just looks like someone has been playing with openssl or the
> like. There are a series of HEAD and OPTIONS commands from a (known,
> internal) IP address. There was no login attempt, so perhaps whoever did
> it is trying a replay attack using session cookies from an earlier
> session. The only annoyance is it shows up as an unhandled exception, so
> I get emailed automatically.
>
> --
> John English
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@eclipse.org
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>


-- 
Jan Bartel <j...@webtide.com>
www.webtide.com
*Expert assistance from the creators of Jetty and CometD*
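
The selection rule described in the reply above, modelled in plain Java as an added example (it is not part of the original thread and is not Jetty's own code). The class and method names, the sample session ids, and the choice to count identical duplicate values as one cookie are assumptions of this sketch; `JSESSIONID` is the default servlet session cookie name. It needs Java 16 or later for `record`.

```java
import java.util.*;

// Added illustration, not Jetty's implementation; all names are hypothetical.
public class SessionCookieResolver {
    enum Outcome { NONE, SINGLE_VALID, NO_VALID, AMBIGUOUS }

    record Result(Outcome outcome, String sessionId) {}

    // Collect every value sent under the given cookie name in one Cookie header.
    static List<String> valuesFor(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue; // skip malformed pairs with no '='
            if (pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    // Look through all candidates; exactly one live id is usable, more than one is an error.
    static Result resolve(String cookieHeader, String name, Set<String> liveSessions) {
        List<String> sent = valuesFor(cookieHeader, name);
        if (sent.isEmpty()) return new Result(Outcome.NONE, null);
        Set<String> valid = new LinkedHashSet<>(sent); // assumption: identical duplicates count once
        valid.retainAll(liveSessions);
        if (valid.isEmpty()) return new Result(Outcome.NO_VALID, null);
        if (valid.size() > 1) return new Result(Outcome.AMBIGUOUS, null); // log and reject upstream
        return new Result(Outcome.SINGLE_VALID, valid.iterator().next());
    }

    public static void main(String[] args) {
        Set<String> live = Set.of("node0abc", "node0def"); // constructed session ids
        String[] headers = {                                // constructed Cookie headers
            "JSESSIONID=node0abc",
            "JSESSIONID=stale123; JSESSIONID=node0abc",
            "JSESSIONID=node0abc; theme=dark; JSESSIONID=node0def",
            "theme=dark"
        };
        for (String h : headers) {
            System.out.println(h + " -> " + resolve(h, "JSESSIONID", live));
        }
    }
}
```

A request that resolves to `AMBIGUOUS` can be rejected or logged at a chosen level by the application before session lookup, which keeps probes like the one described in the quoted message out of the unhandled-exception path.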