[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-dev] Cookie Setting
|
Your request was not on secure. If not on secure, the client will not send any cookie that was marked as secure.
On 24 Nov 2015 3:44 p.m., "Jojada Tirtowidjojo" <
jojada@xxxxxxxxx> wrote:
Hi Guys,
I am using Jetty 9.3.6 and Myfaces 2.2.8 and my setting in the web.xml is:
<session-config>
<session-timeout>240</session-timeout>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
When I first visit the login page, the Http Response Headers from the server is
- HTTP/1.1 200 OK
Date: Tue, 24 Nov 2015 02:24:22 GMT
Set-Cookie: JSESSIONID=11cp2c2bxz66fgyqfso1mrcgw;Path=/TeraTextRS;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Server: Jetty(9.3.6.v20151106)
I can see the 'Set-Cookie' header is set by the server.
However, when I submit the login form, the Http Request Headers from the client is:
- POST /TeraTextRS/pages/login.rs HTTP/1.1
Host: localhost:7620
Connection: keep-alive
Content-Length: 157
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://localhost:7620
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://localhost:7620/TeraTextRS/pages/login.rs
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
There isn't 'Cookie' header in the request.
The client is Chrome and I have already set its Cookies setting to 'Allow local data to be set'.
Would anyone please give a comment on what has possibly gone wrong ?
Thank you.
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev