Date: Tue, 22 Nov 2016 18:30:58 +0000 (UTC)
From: "Dan Smith (JIRA)"
To: issues@geode.incubator.apache.org
Subject: [jira] [Created] (GEODE-2136) session state module for generic application servers duplicates request cookies

Dan Smith created GEODE-2136:
--------------------------------

             Summary: session state module for generic application servers duplicates request cookies
                 Key: GEODE-2136
                 URL: https://issues.apache.org/jira/browse/GEODE-2136
             Project: Geode
          Issue Type: Bug
          Components: http session
            Reporter: Dan Smith


The session state module for generic application servers duplicates from the request to the response. This can lead to issues with user applications if the application tries to modify a cookie.

Below is the offending code

{code}
  private void addSessionCookie(HttpServletResponse response) {
    // Don't bother if the response is already committed
    if (response.isCommitted()) {
      return;
    }

    // Get the existing cookies
    Cookie[] cookies = getCookies();

    Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
    cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
    // Clear out all old cookies and just set ours
    response.addCookie(cookie);

    // Replace all other cookies which aren't JSESSIONIDs
    if (cookies != null) {
      for (Cookie c : cookies) {
        if (manager.getSessionCookieName().equals(c.getName())) {
          continue;
        }
        response.addCookie(c);
      }
    }
  }
{code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)