You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/02/25 22:46:00 UTC

[jira] [Commented] (KNOX-2538) JSESSIONID cookie missing when Zeppelin UI proxied via Knox

    [ https://issues.apache.org/jira/browse/KNOX-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291274#comment-17291274 ] 

ASF subversion and git services commented on KNOX-2538:
-------------------------------------------------------

Commit 81591369501b82880987d09e5704d685d97aaf4a in knox's branch refs/heads/master from Sandeep Moré
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=8159136 ]

KNOX-2538 - Make sure SET-COOKIE attributes are ordered properly (#403)



> JSESSIONID cookie missing when Zeppelin UI proxied via Knox
> -----------------------------------------------------------
>
>                 Key: KNOX-2538
>                 URL: https://issues.apache.org/jira/browse/KNOX-2538
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Zoltan Holoda
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.6.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Sometimes Knox gateway sends back Set-Cookie header in not proper formatted way, mix attribute order
> {code}
> properly formatted SET-COOKIE response (start with JSESSIONID)
> GET /zeppelin/api/security/ticket
> Set-Cookie: JSESSIONID=ba760126-414f-406d-baa1-99e14eb47656; SameSite=none; Secure; Path=/; HttpOnly
> {code}
> {code}
> not properly formatted SET-COOKIE response
> GET /zeppelin/api/security/ticket
> Set-Cookie: SameSite=none; Secure; Path=/; JSESSIONID=b2934cd3-820a-47da-a9b8-4b3af3284502; HttpOnly
> {code}
> _Informally, the Set-Cookie response header contains the header name "Set-Cookie" followed by a ":" and a cookie. Each cookie begins with a name-value-pair, followed by zero or more attribute-value pairs. _
> - [Set-Cookie specification|https://tools.ietf.org/html/rfc6265#section-4.1.1]
> Not properly formatted SET-COOKIE issue is not always present, sometimes it is working, sometimes is not. Please try a couple of times to reproduce this issue, If the JSESSIONID cookie presents, remove it manually and refresh the page to simulate session timeout case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)