[jboss-jira] [JBoss JIRA] (WFLY-12375) Server returns 2 JSESSIONID cookies

Nicolas NESMON (Jira) issues at jboss.org
Tue Aug 13 19:52:00 EDT 2019


     [ https://issues.jboss.org/browse/WFLY-12375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicolas NESMON updated WFLY-12375:
----------------------------------
    Description: 
Please find below the source code of my simple JAX-RS application:

{code:java}
@ApplicationPath("myApp")
public class Application extends javax.ws.rs.core.Application {

	public Application() {
	}

	@Override
	public Set<Object> getSingletons() {
		return Collections.singleton(new HelloWorldResource());
	}

}
{code}

{code:java}
@Path("/")
@Produces(MediaType.TEXT_PLAIN)
public class HelloWorldResource {

	@Context
	private HttpServletRequest httpServletRequest;

	@GET
	public Response helloWorld() {
		HttpSession session = this.httpServletRequest.getSession(false);
		return Response.ok(session == null ? "Hello world" : "Bye bye world")
				.cookie(new NewCookie("JSESSIONID", "id", "demo", null, null, -1, false)).build();
	}
}
{code}

When deploying this application in WF 17.0.1.Final and running the following request:
{noformat}
GET http://localhost:8080/demo/myApp/

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Cookie: JSESSIONID=Hello      => without this I only get the cookie I created
{noformat}

I get the following response:
{noformat}
HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: JSESSIONID=id;Version=1;Path=/demo
Set-Cookie: JSESSIONID=hello.vpi070236; path=/demo
Content-Type: text/plain;charset=UTF-8
Content-Length: 11
Date: Tue, 13 Aug 2019 23:28:15 GMT
{noformat}

As you may notice, there are 2 JSESSIONID cookies in the response:
* The one I was expecting with "id" value since I created it.
* Another one created by the server even if I did not ask for it, since in my code I don't create any HTTP session.

Any idea why this second JSESSIONID cookie is created by the server?

Thanks


  was:
Please find below the source code of my simple JAX-RS application:

{code:java}
@ApplicationPath("myApp")
public class Application extends javax.ws.rs.core.Application {

	public Application() {
	}

	@Override
	public Set<Object> getSingletons() {
		return Collections.singleton(new HelloWorldResource());
	}

}
{code}

{code:java}
@Path("/")
@Produces(MediaType.TEXT_PLAIN)
public class HelloWorldResource {

	@Context
	private HttpServletRequest httpServletRequest;

	@GET
	public Response helloWorld() {
		HttpSession session = this.httpServletRequest.getSession(false);
		return Response.ok(session == null ? "Hello world" : "Bye bye world")
				.cookie(new NewCookie("JSESSIONID", "id", "demo", null, null, -1, false)).build();
	}
}
{code}

When deploying this application in WF 17.0.1.Final and running the following request:
{noformat}
GET http://localhost:8080/demo/myApp/

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Cookie: JSESSIONID=Hello      => without this I only get the cookie I created
{noformat}

I get the following response:
{noformat}
HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: JSESSIONID=id;Version=1;Path=/demo
Set-Cookie: JSESSIONID=hello.vdw070137; path=/demo
Content-Type: text/plain;charset=UTF-8
Content-Length: 11
Date: Tue, 13 Aug 2019 23:28:15 GMT
{noformat}

As you may notice, there are 2 JSESSIONID cookies in the response:
* The one I was expecting with "id" value since I created it.
* Another one created by the server even if I did not ask for it, since in my code I don't create any HTTP session.

Any idea why this second JSESSIONID cookie is created by the server?

Thanks




> Server returns 2 JSESSIONID cookies 
> ------------------------------------
>
>                 Key: WFLY-12375
>                 URL: https://issues.jboss.org/browse/WFLY-12375
>             Project: WildFly
>          Issue Type: Enhancement
>          Components: EE
>    Affects Versions: 17.0.1.Final
>            Reporter: Nicolas NESMON
>            Assignee: Brian Stansberry
>            Priority: Major
>              Labels: COOKIES, JSESSIONID
>
> Please find below the source code of my simple JAX-RS application:
> {code:java}
> @ApplicationPath("myApp")
> public class Application extends javax.ws.rs.core.Application {
> 	public Application() {
> 	}
> 	@Override
> 	public Set<Object> getSingletons() {
> 		return Collections.singleton(new HelloWorldResource());
> 	}
> }
> {code}
> {code:java}
> @Path("/")
> @Produces(MediaType.TEXT_PLAIN)
> public class HelloWorldResource {
> 	@Context
> 	private HttpServletRequest httpServletRequest;
> 	@GET
> 	public Response helloWorld() {
> 		HttpSession session = this.httpServletRequest.getSession(false);
> 		return Response.ok(session == null ? "Hello world" : "Bye bye world")
> 				.cookie(new NewCookie("JSESSIONID", "id", "demo", null, null, -1, false)).build();
> 	}
> }
> {code}
> When deploying this application in WF 17.0.1.Final and running the following request:
> {noformat}
> GET http://localhost:8080/demo/myApp/
> Host: localhost:8080
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
> Accept-Encoding: gzip, deflate
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
> Pragma: no-cache
> Cache-Control: no-cache
> Cookie: JSESSIONID=Hello      => without this I only get the cookie I created
> {noformat}
> I get the following response:
> {noformat}
> HTTP/1.1 200 OK
> Connection: keep-alive
> Set-Cookie: JSESSIONID=id;Version=1;Path=/demo
> Set-Cookie: JSESSIONID=hello.vpi070236; path=/demo
> Content-Type: text/plain;charset=UTF-8
> Content-Length: 11
> Date: Tue, 13 Aug 2019 23:28:15 GMT
> {noformat}
> As you may notice, there are 2 JSESSIONID cookies in the response:
> * The one I was expecting with "id" value since I created it.
> * Another one created by the server even if I did not ask for it, since in my code I don't create any HTTP session.
> Any idea why this second JSESSIONID cookie is created by the server?
> Thanks



--
This message was sent by Atlassian Jira
(v7.12.1#712002)
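
An added example, not part of the original report or of WildFly: a small Python check that takes the response headers quoted in the description and reports any cookie set more than once for the same name, domain and path. A browser stores one cookie per such key, so a later `Set-Cookie` replaces an earlier one; the function names here are illustrative.

```python
from collections import defaultdict

# Response headers copied from the report above.
RESPONSE = """\
HTTP/1.1 200 OK
Connection: keep-alive
Set-Cookie: JSESSIONID=id;Version=1;Path=/demo
Set-Cookie: JSESSIONID=hello.vpi070236; path=/demo
Content-Type: text/plain;charset=UTF-8
Content-Length: 11
Date: Tue, 13 Aug 2019 23:28:15 GMT
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs


def find_cookie_collisions(raw_response):
    """Return {(name, domain, path): [values in header order]} for keys set more than once."""
    seen = defaultdict(list)
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        header, _, value = line.partition(":")
        if header.strip().lower() != "set-cookie":
            continue
        name, val, attrs = parse_set_cookie(value)
        # Browsers key stored cookies on name + domain + path (RFC 6265, section 5.3).
        # A missing Domain or Path is represented here by an empty string.
        key = (name, attrs.get("domain", "").lower(), attrs.get("path", ""))
        seen[key].append(val)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for (name, domain, path), values in find_cookie_collisions(RESPONSE).items():
        print(f"{name} path={path!r} set {len(values)} times: {values}; "
              f"the last value, {values[-1]!r}, is the one a browser keeps")
```

Run against the response in the report, both `JSESSIONID` headers share the key `("JSESSIONID", "", "/demo")`, so the application's `id` value is replaced by the server-issued one on the client.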

