[jetty-dev] session invalidation for multiple requests on the same session

[jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
Hi,

We recently upgraded Jetty from 6.1.2 to 9.4.12. We are using embedded Jetty in our product.

I have configured a sessionHandler with the 'secure' and httpOnly flags set to false under CookieConfig. Additionally, I configured DefaultSessionCache with NullSessionDataStore to persist sessions in-memory.

Still, we are seeing the session invalidated for subsequent requests on the same session.
Please help with your expert recommendations on this.

Regards,
Rajiv Jain

_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-dev

Re: [jetty-dev] session invalidation for multiple requests on the same session

Greg Wilkins
We need a lot more information than you have provided to help diagnose. What are the multiple requests? Are they all authenticated? When does auth happen? How?

On Tue., 14 May 2019, 09:10 rajiv jain, <[hidden email]> wrote:
Hi,

We recently upgraded Jetty from 6.1.2 to 9.4.12. We are using embedded Jetty in our product.

I have configured a sessionHandler with the 'secure' and httpOnly flags set to false under CookieConfig. Additionally, I configured DefaultSessionCache with NullSessionDataStore to persist sessions in-memory.

Still, we are seeing the session invalidated for subsequent requests on the same session.
Please help with your expert recommendations on this.

Regards,
Rajiv Jain

Re: [jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
Thanks for the reply.
Sure, I will provide further information. Yes, we have authentication implemented with loginservice.
These multiple requests are from the same client for a given session, post authentication.

On Tue, May 14, 2019 at 1:31 PM Greg Wilkins <[hidden email]> wrote:
We need a lot more information than you have provided to help diagnose. What are the multiple requests? Are they all authenticated? When does auth happen? How?


Re: [jetty-dev] session invalidation for multiple requests on the same session

Jan Bartel
Can you please enable debug for org.eclipse.jetty.server.session and post some log fragments showing the problem, plus all your configuration code for sessions.

Jan

On Tue., 14 May 2019, 10:10 rajiv jain, <[hidden email]> wrote:
Thanks for the reply.
Sure, I will provide further information. Yes, we have authentication implemented with loginservice.
These multiple requests are from the same client for a given session, post authentication.


Re: [jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
Cool, after enabling the logs, I got the issue. It was failing since I had configured the sessioncache and sessiondatastore instances wrongly.
Thank you very much, you all..! Awesome.

On Tue, May 14, 2019 at 4:28 PM Jan Bartel <[hidden email]> wrote:
Can you please enable debug for org.eclipse.jetty.server.session and post some log fragments showing the problem, plus all your configuration code for sessions.

Jan


Re: [jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
Hi,

Another blocker.
Earlier it worked by keeping the secure and httponly flags as false under cookie-config in web.xml.
After marking them as true it stopped working again. Stopped working means that, for concurrent requests, sessions are being invalidated.

Also, I am getting ClosedChannelException very frequently, as below:

java.nio.channels.ClosedChannelException
at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)
at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)
at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!

On Tue, May 14, 2019 at 4:38 PM rajiv jain <[hidden email]> wrote:
Cool, after enabling the logs, I got the issue. It was failing since I had configured the sessioncache and sessiondatastore instances wrongly.
Thank you very much, you all..! Awesome.


Re: [jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
more errors 

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.session:qtp1068934215-3598: SessionHandler.doScope
05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.CookieCutter:qtp1068934215-3598: 
java.lang.IllegalArgumentException: Cookie name "HttpOnly;$Path" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:192)
at org.eclipse.jetty.server.CookieCutter.parseFields(CookieCutter.java:265)
at org.eclipse.jetty.server.CookieCutter.getCookies(CookieCutter.java:68)
at org.eclipse.jetty.server.Request.getCookies(Request.java:784)
at org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(SessionHandler.java:1731)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1649)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)



On Thu, May 16, 2019 at 10:37 AM rajiv jain <[hidden email]> wrote:
Hi,

Another blocker.
Earlier it worked by keeping the secure and httponly flags as false under cookie-config in web.xml.
After marking them as true it stopped working again. Stopped working means that, for concurrent requests, sessions are being invalidated.

Also, I am getting ClosedChannelException very frequently, as below:

java.nio.channels.ClosedChannelException
at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)
at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)
at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!


Re: [jetty-dev] session invalidation for multiple requests on the same session

Jan Bartel
Rajiv,

You need to use a tool like ethereal or some other tool that allows you to see the http dialog from client to server. Look at the headers being transmitted - do they contain valid values? You can also look at this dialog to help diagnose your session issues - see where the client sends the JSESSION_ID and how the server responds, particularly where the JSESSIONID cookie is being set. Cross correlate that with full DEBUG on your org.eclipse.jetty.server.session logging.

regards
Jan

On Thu, 16 May 2019 at 07:28, rajiv jain <[hidden email]> wrote:
more errors 


--
Jan Bartel <[hidden email]>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
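
The header check described in the message above, as an added example that is not part of the thread or of Jetty: it walks captured request/response pairs and flags Cookie headers that carry Set-Cookie attribute tokens (the exception quoted in the thread names "HttpOnly;$Path"), requests with more than one JSESSIONID, and responses where the server issues a new JSESSIONID although the client sent one. The class name, the attribute list and the sample exchanges are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SessionCookieAudit {
    // Set-Cookie attribute names; a client should never send these back as cookie names.
    private static final Set<String> ATTRIBUTES = new HashSet<>(Arrays.asList(
        "httponly", "secure", "path", "domain", "max-age", "expires",
        "samesite", "comment", "discard", "version"));

    /** Findings for one request/response pair; either header may be null when absent. */
    static List<String> audit(String cookieHeader, String setCookieHeader) {
        List<String> findings = new ArrayList<>();
        List<String> sentIds = new ArrayList<>();
        if (cookieHeader != null) {
            for (String part : cookieHeader.split(";")) {
                String pair = part.trim();
                if (pair.isEmpty()) continue;
                int eq = pair.indexOf('=');
                String name = (eq < 0 ? pair : pair.substring(0, eq)).trim();
                String value = eq < 0 ? "" : pair.substring(eq + 1).trim();
                if (name.startsWith("$") || ATTRIBUTES.contains(name.toLowerCase(Locale.ROOT))) {
                    findings.add("request Cookie header carries attribute token '" + name + "'");
                } else if (name.equals("JSESSIONID")) {
                    sentIds.add(value);
                }
            }
        }
        if (sentIds.size() > 1) {
            findings.add("request carries " + sentIds.size() + " JSESSIONID cookies: " + sentIds);
        }
        // A new id once, right after login, is expected when the container renews the
        // session id on authentication; a new id on later requests means the id the
        // client sent was not accepted.
        String issued = issuedSessionId(setCookieHeader);
        if (issued != null && !sentIds.isEmpty() && !sentIds.contains(issued)) {
            findings.add("client sent " + sentIds + " but server issued new JSESSIONID " + issued);
        }
        return findings;
    }

    /** Value of JSESSIONID if this Set-Cookie header sets it, otherwise null. */
    static String issuedSessionId(String setCookieHeader) {
        if (setCookieHeader == null) return null;
        String first = setCookieHeader.split(";", 2)[0].trim();
        int eq = first.indexOf('=');
        if (eq > 0 && first.substring(0, eq).trim().equals("JSESSIONID")) {
            return first.substring(eq + 1).trim();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed exchanges (not taken from the thread): {request Cookie, response Set-Cookie}.
        String[][] exchanges = {
            {null, "JSESSIONID=node0aaa; Path=/; Secure; HttpOnly"},
            {"JSESSIONID=node0aaa", null},
            {"JSESSIONID=node0aaa; HttpOnly;$Path=/", "JSESSIONID=node0bbb; Path=/; Secure; HttpOnly"},
        };
        for (int i = 0; i < exchanges.length; i++) {
            for (String finding : audit(exchanges[i][0], exchanges[i][1])) {
                System.out.println("exchange " + (i + 1) + ": " + finding);
            }
        }
    }
}
```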



Re: [jetty-dev] session invalidation for multiple requests on the same session

rajiv jain
Hi Jan,

Thanks for your reply.

I have enabled the logs you mentioned. We are adding sessionid in response.

Shall I provide any logs which may give any insight?

Regards..

On Thu, May 16, 2019, 12:48 PM Jan Bartel <[hidden email]> wrote:
Rajiv,

You need to use a tool like ethereal or some other tool that allows you to see the http dialog from client to server. Look at the headers being transmitted - do they contain valid values? You can also look at this dialog to help diagnose your session issues - see where the client sends the JSESSION_ID and how the server responds, particularly where the JSESSIONID cookie is being set. Cross correlate that with full DEBUG on your org.eclipse.jetty.server.session logging.

regards
Jan

On Thu, 16 May 2019 at 07:28, rajiv jain <[hidden email]> wrote:
more errors 

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.session:qtp1068934215-3598: SessionHandler.doScope
05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.CookieCutter:qtp1068934215-3598: 
java.lang.IllegalArgumentException: Cookie name "HttpOnly;$Path" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:192)
at org.eclipse.jetty.server.CookieCutter.parseFields(CookieCutter.java:265)
at org.eclipse.jetty.server.CookieCutter.getCookies(CookieCutter.java:68)
at org.eclipse.jetty.server.Request.getCookies(Request.java:784)
at org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(SessionHandler.java:1731)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1649)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)



On Thu, May 16, 2019 at 10:37 AM rajiv jain <[hidden email]> wrote:
Hi,

Another blocker.
Earlier it worked by keeping secure and httponly flag as false under cookie-config in web.xml.
After marking them as true it stopped working again. Stopped working means, for concurrent requests, session are being invalidated. 

Also I am getting closedchannelException very frequent as below

java.nio.channels.ClosedChannelException
at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)
at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)
at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!

On Tue, May 14, 2019 at 4:38 PM rajiv jain <[hidden email]> wrote:
cool, after enabling the logs, I got the issue. It was failing since I did wrong configuration of sessioncache and sessiondatastore instances.
Thank you very much you all..! Awesome.

On Tue, May 14, 2019 at 4:28 PM Jan Bartel <[hidden email]> wrote:
Can you please enable debug for org.eclipse.jetty.server.session and post some log fragments showing the problem, plus all your configuration code for sessions.

Jan

On Tue., 14 May 2019, 10:10 rajiv jain, <[hidden email]> wrote:
Thanks for the reply.
Sure I will provide further information. Yes we have authentication implemented with loginservice. 
These multiple request are from the same client for a given session, post to authentication. 

On Tue, May 14, 2019 at 1:31 PM Greg Wilkins <[hidden email]> wrote:
We need a lot more information than you have provided to help diagnose. What are the multiple requests? Are they all authenticated? When does auth happen? How?

On Tue., 14 May 2019, 09:10 rajiv jain, <[hidden email]> wrote:
Hi,

We recently have upgraded the Jetty from 6.1.2 to 9.4.12. We are using embedded jetty in out product.

I have configured sansessionHandler with 'secure' and httpOnly flag set to false under CookieConfig. Additionally, I configured DefaultSessionCache with NullSessionDataStore to persist sessions in-memory. 

Still we are realizing session invalidated for subsequent requests on the same session.
Please help with your expert recommendations on this.

Regards,
Rajiv Jain


--
Jan Bartel <[hidden email]>
www.webtide.com
Expert assistance from the creators of Jetty and CometD


Re: [jetty-dev] session invalidation for multiple requests on the same session

Jan Bartel
Rajiv,

In the first instance, you should trace through the logs yourselves to follow the lifecycle of a session: see where it is being created, where it is being used on a request, and where it is being invalidated. The latter will only happen if the session is being expired by Jetty (because its configured inactive interval has passed) or your application code (or some library you use) explicitly calls invalidate.

Jan

On Thu, 16 May 2019 at 09:37, rajiv jain <[hidden email]> wrote:
Hi Jan,

Thanks for your reply.

I have enabled the logs you mentioned. We are adding sessionid in response.

Shall I provide any logs which may give any insight?

Regards..

On Thu, May 16, 2019, 12:48 PM Jan Bartel <[hidden email]> wrote:
Rajiv,

You need to use a tool like Ethereal or some other tool that allows you to see the HTTP dialog from client to server. Look at the headers being transmitted - do they contain valid values? You can also look at this dialog to help diagnose your session issues - see where the client sends the JSESSION_ID and how the server responds, particularly where the JSESSIONID cookie is being set. Cross correlate that with full DEBUG on your org.eclipse.jetty.server.session logging.

regards
Jan

On Thu, 16 May 2019 at 07:28, rajiv jain <[hidden email]> wrote:
more errors 

05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.session:qtp1068934215-3598: SessionHandler.doScope
05/16/19 EDT 01:14:51 [cxf-26341] 2019-05-16 01:14:51.267:DBUG:oejs.CookieCutter:qtp1068934215-3598: 
java.lang.IllegalArgumentException: Cookie name "HttpOnly;$Path" is a reserved token
at javax.servlet.http.Cookie.<init>(Cookie.java:192)
at org.eclipse.jetty.server.CookieCutter.parseFields(CookieCutter.java:265)
at org.eclipse.jetty.server.CookieCutter.getCookies(CookieCutter.java:68)
at org.eclipse.jetty.server.Request.getCookies(Request.java:784)
at org.eclipse.jetty.server.session.SessionHandler.checkRequestedSessionId(SessionHandler.java:1731)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1649)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:505)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)



On Thu, May 16, 2019 at 10:37 AM rajiv jain <[hidden email]> wrote:
Hi,

Another blocker.
Earlier it worked by keeping the secure and httponly flags as false under cookie-config in web.xml.
After marking them as true it stopped working again. Stopped working means that, for concurrent requests, sessions are being invalidated.

Also, I am getting ClosedChannelException very frequently, as below:

java.nio.channels.ClosedChannelException
at org.eclipse.jetty.io.FillInterest.onClose(FillInterest.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.onClose(AbstractEndPoint.java:354)
at org.eclipse.jetty.io.ChannelEndPoint.onClose(ChannelEndPoint.java:215)
at org.eclipse.jetty.io.AbstractEndPoint.doOnClose(AbstractEndPoint.java:225)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:192)
at org.eclipse.jetty.io.AbstractEndPoint.close(AbstractEndPoint.java:175)

Kindly let me know in case you need any other details.

Regards..!



--
Jan Bartel <[hidden email]>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
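
As an added illustration of the lifecycle tracing advised in the post above (not code from the thread or from the Jetty project): an embedded Jetty 9.4 setup that binds a DefaultSessionCache to a NullSessionDataStore and registers a listener whose output shows which thread and call path created or ended each session. The class name, port 8080, the 30-minute timeout, the `httpsOnly` parameter and the demo servlet are assumptions made for the example.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.http.*;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.session.*;
import org.eclipse.jetty.servlet.*;

public class SessionLifecycleTrace {
    /** Reports each session create/destroy with the thread and call stack behind it. */
    static class TraceListener implements HttpSessionListener {
        @Override public void sessionCreated(HttpSessionEvent e) { trace("created", e); }
        @Override public void sessionDestroyed(HttpSessionEvent e) { trace("destroyed", e); }
        private void trace(String what, HttpSessionEvent e) {
            // A session id is a credential: log a short prefix, never the whole value.
            String id = e.getSession().getId();
            System.err.printf("session %s... %s on thread %s%n",
                    id.substring(0, Math.min(6, id.length())), what, Thread.currentThread().getName());
            Arrays.stream(new Throwable().getStackTrace()).skip(2).limit(15)
                    .forEach(f -> System.err.println("    at " + f));
        }
    }
    static void configure(ServletContextHandler ctx, boolean httpsOnly) {
        SessionHandler sessions = ctx.getSessionHandler();
        // In-memory sessions: a cache bound to this handler, with a store that persists nothing.
        DefaultSessionCache cache = new DefaultSessionCache(sessions);
        cache.setSessionDataStore(new NullSessionDataStore());
        sessions.setSessionCache(cache);
        sessions.setMaxInactiveInterval(30 * 60); // seconds of idle time before Jetty expires it
        sessions.getSessionCookieConfig().setHttpOnly(true);
        // Clients return a Secure cookie only over HTTPS, so tie the flag to the connector type.
        sessions.getSessionCookieConfig().setSecure(httpsOnly);
        sessions.addEventListener(new TraceListener());
    }
    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // assumed port, plain-HTTP connector
        ServletContextHandler ctx = new ServletContextHandler(ServletContextHandler.SESSIONS);
        configure(ctx, false); // pass true when the connector is HTTPS
        ctx.addServlet(new ServletHolder(new HttpServlet() {
            @Override protected void doGet(HttpServletRequest q, HttpServletResponse r) throws IOException {
                HttpSession s = q.getSession(); // creates the session on the first request
                if (q.getParameter("logout") != null) s.invalidate(); // application-initiated
                r.getWriter().println("ok");
            }
        }), "/");
        server.setHandler(ctx);
        server.start();
        server.join();
    }
}
```

A "destroyed" entry whose frames include application classes points to an explicit invalidate() call; one showing only Jetty frames points to expiry of the inactive interval.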

