[jboss-jira] [JBoss JIRA] (WFLY-12375) Server returns 2 JSESSIONID cookies

Nicolas NESMON (Jira) issues at jboss.org
Tue Aug 13 19:49:00 EDT 2019 

Nicolas NESMON created WFLY-12375:
-------------------------------------

             Summary: Server returns 2 JSESSIONID cookies 
                 Key: WFLY-12375
                 URL: https://issues.jboss.org/browse/WFLY-12375
             Project: WildFly
          Issue Type: Enhancement
          Components: EE
    Affects Versions: 17.0.1.Final
            Reporter: Nicolas NESMON
            Assignee: Brian Stansberry


Please find below the source code of my simple JAX-RS application:

{code:java}
@ApplicationPath("myApp")
public class Application extends javax.ws.rs.core.Application {

	public Application() {
	}

	@Override
	public Set<Object> getSingletons() {
		return Collections.singleton(new HelloWorldResource());
	}

}
{code}

{code:java}
@Path("/")
@Produces(MediaType.TEXT_PLAIN)
public class HelloWorldResource {

	@Context
	private HttpServletRequest httpServletRequest;

	@GET
	public Response helloWorld() {
		HttpSession session = this.httpServletRequest.getSession(false);
		return Response.ok(session == null ? "Hello world" : "Bye bye world")
				.cookie(new NewCookie("JSESSIONID", "id", "demo", null, null, -1, false)).build();
	}
}
{code}

When deploying this application in WF 17.0.1.Final and running following request:
{noformat}
GET http://localhost:8080/demo/myApp/

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Cookie: JSESSIONID=Hello      => without this I only get the cookie I created
{noformat}

I get following response
{noformat}
HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: JSESSIONID=id;Version=1;Path=/demo
Set-Cookie: JSESSIONID=hello.vdw070137; path=/demo
Content-Type: text/plain;charset=UTF-8
Content-Length: 11
Date: Tue, 13 Aug 2019 23:28:15 GMT
{noformat}

As you may notice, there are 2 JSESSIONID cookies in the response:
* The one I was expecting with "id" value since I created it.
* Another own created by the server even if I did not ask for it since in my code I don't  create no HTTP session.

Any idea why this second JSESIONID cookies is created by the server ?

Thanks




--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list