[jboss-jira] [JBoss JIRA] (JBWEB-214) More than one JSESSIONID cookie headers set in JBoss Web

Jan Stefl (JIRA) jira-events at lists.jboss.org
Tue Nov 13 05:59:19 EST 2012 

    [ https://issues.jboss.org/browse/JBWEB-214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12733627#comment-12733627 ] 

Jan Stefl edited comment on JBWEB-214 at 11/13/12 5:59 AM:
-----------------------------------------------------------

Hi Remy,
What do you think about following?

https://issues.apache.org/bugzilla/show_bug.cgi?id=49158#c7
{quote}
This is proving to be critical to us (we manually invalidate sessions first time around when we haven't seen them before - to guard against sessions being presented from search engines), and we currently end up in an invalidation loop as the second JSESSIONID is never actually presented back to the browser.
{quote}

                
      was (Author: jstefl):
    What do you think about following?

https://issues.apache.org/bugzilla/show_bug.cgi?id=49158#c7
{quote}
This is proving to be critical to us (we manually invalidate sessions first time around when we haven't seen them before - to guard against sessions being presented from search engines), and we currently end up in an invalidation loop as the second JSESSIONID is never actually presented back to the browser.
{quote}

                  
> More than one JSESSIONID cookie headers set in JBoss Web
> --------------------------------------------------------
>
>                 Key: JBWEB-214
>                 URL: https://issues.jboss.org/browse/JBWEB-214
>             Project: JBoss Web
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Tomcat
>    Affects Versions: JBossWeb-2.1.11.GA
>            Reporter: Eiichi Nagai
>            Assignee: Remy Maucherat
>
> More than one JSESSIONID cookie headers set if execute following JSP.
> <%
>   session.invalidate();
>   session = request.getSession();
>   session.invalidate();
>   session = request.getSession();
> %>
> This issue has been reported from Bug 49158[1] in tomcat.
> [1] Bug 49158 - More than one JSESSIONID cookie headers set 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49158
> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java?r1=944398&r2=944397&pathrev=944398
> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java?r1=944398&r2=944397&pathrev=944398
> I guess that same fix is required in JBoss Web.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list