Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session cookie can be set twice after session id changed #7801

Closed
janbartel opened this issue Mar 29, 2022 · 1 comment
Closed

Session cookie can be set twice after session id changed #7801

janbartel opened this issue Mar 29, 2022 · 1 comment
Assignees
@janbartel
Labels
Bug For general bugs on Jetty side

Comments

@janbartel
Copy link
Contributor

jetty 9,10,11

When Request.changeSessionId() is called, the isIdChanged flag on the Session is used to indicate that a new Set-Cookie should be generated with the new session id. However, this flag is not cleared after the cookie is successfully generated. Thus, on the next request, the Set-Cookie header will be generated again. The flag is then cleared correctly. Note that both Set-Cookie headers will be for the same session id - in other words, another session id change is not triggered, just a repetition of the same cookie session id. This only happens when using the DefaultSessionCache, as the same session object is not retained by the NullSessionCache.
@janbartel janbartel added the Bug For general bugs on Jetty side label Mar 29, 2022
@janbartel janbartel self-assigned this Mar 29, 2022
janbartel added a commit that referenced this issue Mar 29, 2022
@janbartel
Issue #7801 Duplicate set session cookie after id change.
d836597 
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Mar 30, 2022
@janbartel
Issue #7801 Test incorrectly expected duplicate session cookie
73d4fbc 
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Mar 30, 2022
@janbartel
Issue #7801 Duplicate session cookies after session id change.
b86dd9d 
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Mar 30, 2022
@janbartel
Issue #7801 Fix incorrect ConstraintTest for session with form redirect
8122ae6 
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Jun 8, 2022
@janbartel
Jetty 9.4.x 7801 duplicate set session cookies (#7809)
ff2cb45 
* Issue #7801 Duplicate session cookies after session id change.

Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Jun 8, 2022
@janbartel
Jetty 10.0.x 7801 duplicate set session cookie (#7808)
3caee26 
* Issue #7801 Duplicate set session cookie after id change.

Signed-off-by: Jan Bartel <janb@webtide.com>
@janbartel
Copy link
Contributor Author

Fixed via #7808 and #7809.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@janbartel janbartel

Labels
Bug For general bugs on Jetty side
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@janbartel