You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/02/25 16:45:00 UTC

[jira] [Work logged] (KNOX-2538) JSESSIONID cookie missing when Zeppelin UI proxied via Knox

     [ https://issues.apache.org/jira/browse/KNOX-2538?focusedWorklogId=558017&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-558017 ]

ASF GitHub Bot logged work on KNOX-2538:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Feb/21 16:44
            Start Date: 25/Feb/21 16:44
    Worklog Time Spent: 10m 
      Work Description: moresandeep opened a new pull request #403:
URL: https://github.com/apache/knox/pull/403


   ## What changes were proposed in this pull request?
   In Knox dispatch make sure the SET-COOKIE attributes are ordered to prevent breaking services.
   
   ## How was this patch tested?
   tested manually locally.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 558017)
    Remaining Estimate: 0h
            Time Spent: 10m

> JSESSIONID cookie missing when Zeppelin UI proxied via Knox
> -----------------------------------------------------------
>
>                 Key: KNOX-2538
>                 URL: https://issues.apache.org/jira/browse/KNOX-2538
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Zoltan Holoda
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.6.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Sometimes Knox gateway sends back Set-Cookie header in not proper formatted way, mix attribute order
> {code}
> properly formatted SET-COOKIE response (start with JSESSIONID)
> GET /zeppelin/api/security/ticket
> Set-Cookie: JSESSIONID=ba760126-414f-406d-baa1-99e14eb47656; SameSite=none; Secure; Path=/; HttpOnly
> {code}
> {code}
> not properly formatted SET-COOKIE response
> GET /zeppelin/api/security/ticket
> Set-Cookie: SameSite=none; Secure; Path=/; JSESSIONID=b2934cd3-820a-47da-a9b8-4b3af3284502; HttpOnly
> {code}
> _Informally, the Set-Cookie response header contains the header name "Set-Cookie" followed by a ":" and a cookie. Each cookie begins with a name-value-pair, followed by zero or more attribute-value pairs. _
> - [Set-Cookie specification|https://tools.ietf.org/html/rfc6265#section-4.1.1]
> Not properly formatted SET-COOKIE issue is not always present, sometimes it is working, sometimes is not. Please try a couple of times to reproduce this issue, If the JSESSIONID cookie presents, remove it manually and refresh the page to simulate session timeout case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)