myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Näher (JIRA) <>
Subject [jira] [Created] (MYFACES-4054) Webapp with underscore in it's name leads to failed session-cookies
Date Tue, 21 Jun 2016 14:13:57 GMT
Markus Näher created MYFACES-4054:

             Summary: Webapp with underscore in it's name leads to failed session-cookies
                 Key: MYFACES-4054
             Project: MyFaces Core
          Issue Type: Bug
          Components: General
    Affects Versions: 2.1.18
         Environment: OS: Linux / Windows
Container: Tomcat 8.0.X
JDK: Oracle JDK 1.8.0_X
            Reporter: Markus Näher

I analysed the ViewExpiredExceptions I often get with a minimal "helloworld" test project.
I called the webapp "jsf_test". The Exceptions occurred when I displayed a form in the browser
and clicked it within a few seconds.

In the web console of firefox, I could see that the session cookie was set with the path /jsf%5ftest,
while the other cookies (e.g. oam.Flash.RENDERMAP.TOKEN) were set with the path /jsf_test.
It looks like firefox does not send the session cookie with the next request, while  chromium
ignores the difference. You can see in the tomcat manager webapp that the session count increases
when you reload the page.

I also noticed that the issue does not occur on every deployment / tomcat restart. It looks
like the webapp name is stored internally during initialization, and depending on little timing
variations (race condition ?), it is either initialized to the escaped or the unescaped value.
Tomcat manager always displays the unescaped name.
Among my collegues, some are always affected, some occasionally, and some never.

After renaming the webapp to "jsftest", the Exceptions and session count increments were gone.
The issue also occurs with a minus in the name, like "jsf-test".

Unfortunately, my real-life productive project has an underscore in it's name too, but as
many users have bookmarked it, I can't just rename it.

This message was sent by Atlassian JIRA

View raw message