Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jetty keeps Sessions in use after "Duplicate valid session cookies" Message #6085

Closed
ssoec4u opened this issue Mar 23, 2021 · 3 comments · Fixed by #6096 or #6103
Closed

Jetty keeps Sessions in use after "Duplicate valid session cookies" Message #6085

ssoec4u opened this issue Mar 23, 2021 · 3 comments · Fixed by #6096 or #6103

Comments

@ssoec4u
Copy link

@ssoec4u ssoec4u commented Mar 23, 2021

Jetty version
9.4.26

Java version
openjdk version "10.0.2" 2018-07-17

OS type/version
CentOS Linux 7 (core)

Description
After getting org.eclipse.jetty.http.BadMessageException: 400: Duplicate valid session cookies jetty keeps the duplicate sessions in use state (request counter in session >0). Thats why these session will not be invalidated by the HouseKeeper-Thread.
Is this a bug in jetty?

@gregw gregw added this to To do in Jetty 9.4.38 via automation Mar 23, 2021
@janbartel
Copy link
Contributor

@janbartel janbartel commented Mar 23, 2021

@ssoec4u I will put in a fix for this to ensure that duplicate valid sessions have their request counts decremented correctly.

But how the heck did you manage to get multiple sessions with different ids created, and moreover get the client to send more than 1 JSESSIONID cookie?

Also, you're more than 10 releases of jetty behind, it would be best if you could upgrade.

janbartel added a commit that referenced this issue Mar 23, 2021
…ions

Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Mar 24, 2021
…ons (#6088)

* Issue #6085 Fix reference counts for multiple valid cookies for sesssions

Signed-off-by: Jan Bartel <janb@webtide.com>
@janbartel
Copy link
Contributor

@janbartel janbartel commented Mar 24, 2021

Fixed via #6088.

@janbartel janbartel closed this Mar 24, 2021
Jetty 9.4.38 automation moved this from To do to Done Mar 24, 2021
@janbartel janbartel self-assigned this Mar 24, 2021
janbartel added a commit that referenced this issue Mar 24, 2021
…ons (#6088)

* Issue #6085 Fix reference counts for multiple valid cookies for sesssions

Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue Mar 24, 2021
…ons (#6088) (#6096)

* Issue #6085 Fix reference counts for multiple valid cookies for sesssions

Signed-off-by: Jan Bartel <janb@webtide.com>
@olamy olamy moved this from Done to To do in Jetty 9.4.38 Mar 25, 2021
@janbartel janbartel removed this from To do in Jetty 9.4.38 Mar 25, 2021
@janbartel janbartel added this to Done in Jetty 9.4.39 Mar 25, 2021
@gregw gregw added this to To do in Jetty 10.0.2/11.0.2 via automation Mar 25, 2021
@gregw gregw moved this from To do to Done in Jetty 10.0.2/11.0.2 Mar 25, 2021
@gregw gregw reopened this Mar 25, 2021
Jetty 10.0.2/11.0.2 automation moved this from Done to In progress Mar 25, 2021
@gregw gregw closed this Mar 25, 2021
Jetty 10.0.2/11.0.2 automation moved this from In progress to Done Mar 25, 2021
@ssoec4u
Copy link
Author

@ssoec4u ssoec4u commented Mar 25, 2021

@ssoec4u I will put in a fix for this to ensure that duplicate valid sessions have their request counts decremented correctly.

But how the heck did you manage to get multiple sessions with different ids created, and moreover get the client to send more than 1 JSESSIONID cookie?

Also, you're more than 10 releases of jetty behind, it would be best if you could upgrade.

The problem can be understood if you call up a web link from an Excel (Microsoft) in a Window 10 with the current IE Edge. The condition is that the website uses session cookies for this.
If you then call up the link at least twice, the message appears in the log file.

janbartel added a commit that referenced this issue Mar 25, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Cosmetic changes.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Fixed typo and stopping server & client in testMulitpleIdenticalSessionCookies().

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Cosmetic changes.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Cosmetic changes.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Fixed typo and stopping server & client in testMulitpleIdenticalSessionCookies().

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
sbordet added a commit that referenced this issue Mar 25, 2021
Cosmetic changes.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
3 participants