You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2021/02/25 16:10:00 UTC

[jira] [Created] (KNOX-2538) JSESSIONID cookie missing when Zeppelin UI proxied via Knox

Sandeep More created KNOX-2538:
----------------------------------

             Summary: JSESSIONID cookie missing when Zeppelin UI proxied via Knox
                 Key: KNOX-2538
                 URL: https://issues.apache.org/jira/browse/KNOX-2538
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Sandeep More
            Assignee: Sandeep More
             Fix For: 1.6.0


Sometimes Knox gateway sends back Set-Cookie header in not proper formatted way, mix attribute order

{code}
properly formatted SET-COOKIE response (start with JSESSIONID)
GET /zeppelin/api/security/ticket
Set-Cookie: JSESSIONID=ba760126-414f-406d-baa1-99e14eb47656; SameSite=none; Secure; Path=/; HttpOnly
{code}

{code}
not properly formatted SET-COOKIE response
GET /zeppelin/api/security/ticket
Set-Cookie: SameSite=none; Secure; Path=/; JSESSIONID=b2934cd3-820a-47da-a9b8-4b3af3284502; HttpOnly
{code}

_Informally, the Set-Cookie response header contains the header name "Set-Cookie" followed by a ":" and a cookie. Each cookie begins with a name-value-pair, followed by zero or more attribute-value pairs. _
- [Set-Cookie specification|https://tools.ietf.org/html/rfc6265#section-4.1.1]

Not properly formatted SET-COOKIE issue is not always present, sometimes it is working, sometimes is not. Please try a couple of times to reproduce this issue, If the JSESSIONID cookie presents, remove it manually and refresh the page to simulate session timeout case.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)