[undertow-dev] Wrong JSESSIONID cookie

Derrick Childers derrick.childers at gmail.com
Fri Apr 25 14:43:39 EDT 2014


I think I've found a bug in undertow and I have a patch.  I thought I'd
explain.  We have multiple WARs serving a site.  One WAR covers the root
context '/' and a variety of sub paths/contexts.  A couple of other WARs
serve specific sub contexts, such as /selfserve.  If you open a browser
and go to / and look at the browser cookies you will see JSESSIONID with
path=/.  Then go to /selfserve and look at the cookies.  You now have two
JSESSIONID cookies.  One for path=/ and one for path=/selfserve.  As far as
I know this is all normal and correct.  From here when my app tries to use
the session it fails in various ways.  What I found was that if I deleted
the JSESSIONID cookie that was associated with path=/ then everything
worked.  After digging around in the code I found where the cookies are
being added to a HashMap by the name.  It looks like the last cookie loaded
wins, which means the correct cookie is loaded first then overridden by the
wrong one.

I have a patch in git and can send a pull request.

-- 
Derrick Childers
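
Added example (not part of the original post, and neither Undertow's code nor the author's patch): a minimal Cookie header parser showing how storing cookies in a map keyed by name lets the path=/ JSESSIONID replace the /selfserve one. The class name, method name, and cookie values are hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical demo class; not Undertow code.
public class DuplicateCookieDemo {

    // Parses a Cookie request header into a name -> value map.
    // firstWins == false: a later cookie with the same name overwrites the
    // earlier one (the "last cookie loaded wins" behaviour from the post).
    // firstWins == true: the first occurrence of each name is kept.
    static Map<String, String> parseCookieHeader(String header, boolean firstWins) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) {
                continue; // no '=': skip malformed pair
            }
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            if (name.isEmpty()) {
                continue;
            }
            if (firstWins) {
                cookies.putIfAbsent(name, value);
            } else {
                cookies.put(name, value);
            }
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed header for a request to /selfserve. Browsers following
        // RFC 6265 section 5.4 list the cookie with the longer path first.
        String header = "JSESSIONID=selfserve-session; JSESSIONID=root-session; lang=en";

        Map<String, String> lastWins = parseCookieHeader(header, false);
        Map<String, String> firstWins = parseCookieHeader(header, true);

        System.out.println("last wins:  " + lastWins.get("JSESSIONID"));
        System.out.println("first wins: " + firstWins.get("JSESSIONID"));
    }
}
```

RFC 6265 also says servers should not rely on the serialization order of cookies, so keeping the first occurrence is a mitigation for the common browser behaviour rather than a guarantee; giving each context its own session cookie name avoids the collision entirely.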