[jboss-jira] [JBoss JIRA] (WFLY-10913) CodecSessionConfig#findSessionId() causes an incorrect JSESSIONID Set-Cookie header
Masafumi Miura (JIRA)
issues at jboss.org
Thu Aug 23 21:51:00 EDT 2018
Masafumi Miura created WFLY-10913:
-------------------------------------
Summary: CodecSessionConfig#findSessionId() causes an incorrect JSESSIONID Set-Cookie header
Key: WFLY-10913
URL: https://issues.jboss.org/browse/WFLY-10913
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 13.0.0.Final, 14.0.0.Beta2
Reporter: Masafumi Miura
Assignee: Stuart Douglas
This issue is very similar to WFLY-10262/JBEAP-14641 but the condition causing the problem is a bit different.
The issue happens when the client sends JSESSIONID Cookie in the request to the web application does NOT use HttpSession. JSESSIONID Set-Cookie response header should not be sent in this scenario, but WildFly/EAP 7 returns the response with JSESSIONID reusing the requested session id which does not exist in the session manager.
The fix for WFLY-10262 / JBEAP-14641 added AttachmentKey SESSION_ID_SET to avoid invoking CodecSessionConfig#setSessionId() more than once. However, the fix does not help for this issue because CodecSessionConfig#setSessionId() is not invoked (= SESSION_ID_SET is null) before the problematic CodecSessionConfig#findSessionId() processing in this scenario.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list