Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.5.0, 7.5.1, 7.7.1, 7.10.2, 8.5.1, 7.13.11, 8.13.0, 8.13.4, 8.13.13
-
7.05
-
71
-
Severity 3 - Minor
-
8
-
-
Description
When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions.
2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN [o.a.h.client.protocol.ResponseProcessCookies] Invalid cookie header: "Set-Cookie: AWSALB=0ZUqvdBS59ZoSCeAklRnPxaqGXvsz6Nmj3KttNZeNpe67cZkWR+Oo4QxRT+BZR+gMEpm/GjnXDLeygXt57f1XUXVEXaL2HDIxVb29dGrYcV74ygN6I4/AnaoCK+r; Expires=Wed, 04 Oct 2017 01:44:47 GMT; Path=/". Invalid 'expires' attribute: Wed, 04 Oct 2017 01:44:47 GMT
2017-09-27 10:26:18,143 http-nio-8080-exec-1 WARN ahsdm 626x381427x1 1a6ih9p 192.168.200.108,127.0.0.1 /secure/Dashboard [o.a.h.client.protocol.ResponseProcessCookies] Invalid cookie header: "Set-Cookie: AWSALB=ABUqvdBS59ZoSCeAklRnPxaqGXvsz6Nmj3KttNZeNpe67cZkWR+AAo4QxZR+gMEpm/GjnXDLeygXt57f1XUXVEXaL2HDIxVb29dGrYcV74ygN6naoCK+r; Expires=Wed, 04 Oct 2017 01:44:47 GMT; Path=/". Invalid 'expires' attribute: Wed, 04 Oct 2017 02:44:47 GMT
From RFC6265
== Server -> User Agent == Set-Cookie: lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT
Using the debugger, it looks like the only accepted date format is EEE, dd-MMM-yy HH:mm:ss z.. For some reason the code path that it is going down is not supporting the newer date formats and the Cookie Spec in the Debugger lists RFC2965, RFC2109 and Netscape:
From the Apache http-client 4.5.3 JAR /org/apache/http/impl/cookie/CookieSpecBase.class:
I also saw:
protected List<Cookie> parse(HeaderElement[] elems, CookieOrigin origin) throws MalformedCookieException { List<Cookie> cookies = new ArrayList(elems.length); HeaderElement[] arr$ = elems; int len$ = elems.length; for(int i$ = 0; i$ < len$; ++i$) { HeaderElement headerelement = arr$[i$]; String name = headerelement.getName(); String value = headerelement.getValue(); if (name != null && !name.isEmpty()) { BasicClientCookie cookie = new BasicClientCookie(name, value); cookie.setPath(getDefaultPath(origin)); cookie.setDomain(getDefaultDomain(origin)); NameValuePair[] attribs = headerelement.getParameters(); for(int j = attribs.length - 1; j >= 0; --j) { NameValuePair attrib = attribs[j]; String s = attrib.getName().toLowerCase(Locale.ROOT); cookie.setAttribute(s, attrib.getValue()); CookieAttributeHandler handler = this.findAttribHandler(s); <========= if (handler != null) { handler.parse(cookie, attrib.getValue()); } } cookies.add(cookie); } } return cookies; }
The above marked line returns a BasicExpiresHandler when the attribute s = "expires" which had the one and only one date format EEE, dd-MMM-yy HH:mm:ss
Attachments
Issue Links
- relates to
-
CONFSERVER-53651 HTTP Client in Confluence does not accept RFC6265 compliant date format in "Expires" cookie header
- Closed
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...