Upgrading Jetty

[Kevin Duling <kd...@pivotal.io>]

I've been working on GEODE-2539 to upgrade Jetty to the latest version.
But I've run in to some snags.

The last version that appears to work with Geode without any changes is
9.3.11.  In 9.3.12, they made a change to add cookies rather than replace,
so some of our tests failed due to two JSESSION cookies being present.
Also, they modified the session timeout to default to 0, causing sessions
to instantly time out if this isn't set.  Also, 9.3.12 dropped support for
TLS 1.1 (Jetty Issue #890).

Further, in Jetty 9.4, they've changed the API, preferring SessionHander
over SessionManager.

I'm comfortable with upgrading Jetty from 9.3.6 to 9.3.11, but I think I
need a lot of help from those more familiar with Geode communications to
move further.

Re: Upgrading Jetty

[Kirk Lund <kl...@apache.org>]

Upgrading to 9.3.11 for now sounds like a good idea. We can file a
different Jira ticket to upgrade to 9.4 in the future. At least we get to
pick up the bug fixes from 9.3.6 to 9.3.11!


On Fri, Mar 10, 2017 at 3:03 PM, Kevin Duling <kd...@pivotal.io> wrote:

> I've been working on GEODE-2539 to upgrade Jetty to the latest version.
> But I've run in to some snags.
>
> The last version that appears to work with Geode without any changes is
> 9.3.11.  In 9.3.12, they made a change to add cookies rather than replace,
> so some of our tests failed due to two JSESSION cookies being present.
> Also, they modified the session timeout to default to 0, causing sessions
> to instantly time out if this isn't set.  Also, 9.3.12 dropped support for
> TLS 1.1 (Jetty Issue #890).
>
> Further, in Jetty 9.4, they've changed the API, preferring SessionHander
> over SessionManager.
>
> I'm comfortable with upgrading Jetty from 9.3.6 to 9.3.11, but I think I
> need a lot of help from those more familiar with Geode communications to
> move further.
>