Jira Data Center / JRASERVER-66079

HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header

Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 7.5.0, 7.5.1, 7.7.1, 7.10.2, 8.5.1, 7.13.11, 8.13.0, 8.13.4, 8.13.13
    • 7.05
    • 71
    • Severity 3 - Minor
    • 8
    • Atlassian Update – 17 May 2023

      Hi everyone,

      We’ve investigated the bug and decided to lower its priority.

      Reason:

      This bug is an issue in HTTP Client library which, according to our analysis, does not have any known functional impact on Jira (apart from the Warning message in logs). See also the parallel issue in Confluence which reached a similar conclusion: https://jira.atlassian.com/browse/CONFSERVER-53651

      Next steps:

      If you discover that this bug is having any direct functional impact on your Jira, kindly contact support and provide a more detailed description of the issue. Doing so will enable us to investigate and reevaluate its priority.

      Best regards,
      Krzysztof Krysiak
      Jira Developer


    Description

      When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions.

      2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN [o.a.h.client.protocol.ResponseProcessCookies] Invalid cookie header: "Set-Cookie: AWSALB=0ZUqvdBS59ZoSCeAklRnPxaqGXvsz6Nmj3KttNZeNpe67cZkWR+Oo4QxRT+BZR+gMEpm/GjnXDLeygXt57f1XUXVEXaL2HDIxVb29dGrYcV74ygN6I4/AnaoCK+r; Expires=Wed, 04 Oct 2017 01:44:47 GMT; Path=/". Invalid 'expires' attribute: Wed, 04 Oct 2017 01:44:47 GMT
      2017-09-27 10:26:18,143 http-nio-8080-exec-1 WARN ahsdm 626x381427x1 1a6ih9p 192.168.200.108,127.0.0.1 /secure/Dashboard  [o.a.h.client.protocol.ResponseProcessCookies] Invalid cookie header: "Set-Cookie: AWSALB=ABUqvdBS59ZoSCeAklRnPxaqGXvsz6Nmj3KttNZeNpe67cZkWR+AAo4QxZR+gMEpm/GjnXDLeygXt57f1XUXVEXaL2HDIxVb29dGrYcV74ygN6naoCK+r; Expires=Wed, 04 Oct 2017 01:44:47 GMT; Path=/". Invalid 'expires' attribute: Wed, 04 Oct 2017 02:44:47 GMT

      From RFC6265

         == Server -> User Agent ==
      
         Set-Cookie: lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT

      Using the debugger, it looks like the only accepted date format is EEE, dd-MMM-yy HH:mm:ss z. For some reason the code path that it is going down is not supporting the newer date formats, and the Cookie Spec in the Debugger lists RFC2965, RFC2109 and Netscape:

       

      From the Apache http-client 4.5.3 JAR /org/apache/http/impl/cookie/CookieSpecBase.class:

      I also saw:

          // Decompiled from CookieSpecBase (http-client 4.5.3); excerpt of one method.
          protected List<Cookie> parse(HeaderElement[] elems, CookieOrigin origin) throws MalformedCookieException {
              List<Cookie> cookies = new ArrayList<>(elems.length);
              HeaderElement[] arr$ = elems;
              int len$ = elems.length;

              for (int i$ = 0; i$ < len$; ++i$) {
                  HeaderElement headerelement = arr$[i$];
                  String name = headerelement.getName();
                  String value = headerelement.getValue();
                  if (name != null && !name.isEmpty()) {
                      BasicClientCookie cookie = new BasicClientCookie(name, value);
                      cookie.setPath(getDefaultPath(origin));
                      cookie.setDomain(getDefaultDomain(origin));
                      NameValuePair[] attribs = headerelement.getParameters();

                      // Each attribute (expires, path, ...) is passed to the handler registered for it.
                      for (int j = attribs.length - 1; j >= 0; --j) {
                          NameValuePair attrib = attribs[j];
                          String s = attrib.getName().toLowerCase(Locale.ROOT);
                          cookie.setAttribute(s, attrib.getValue());
                          CookieAttributeHandler handler = this.findAttribHandler(s); // <========= marked line
                          if (handler != null) {
                              handler.parse(cookie, attrib.getValue());
                          }
                      }

                      cookies.add(cookie);
                  }
              }

              return cookies;
          }
      

      The above marked line returns a BasicExpiresHandler when the attribute s = "expires", which had one and only one date format: EEE, dd-MMM-yy HH:mm:ss.
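
The format mismatch described above, reproduced with the JDK alone as an added example (not code from the ticket or from Apache HttpClient): it classifies `ResponseProcessCookies` warnings by whether the rejected value is in fact a well-formed RFC 1123 date. The class name, the RFC 1123 pattern string and the sample log lines are assumptions constructed for this illustration.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ExpiresWarningTriage {
    // The single pattern the report says the "expires" handler accepted.
    static final String LEGACY = "EEE, dd-MMM-yy HH:mm:ss z";
    // RFC 1123 layout, as in the RFC 6265 example quoted above (assumed pattern string).
    static final String RFC1123 = "EEE, dd MMM yyyy HH:mm:ss zzz";
    // Captures the value that ResponseProcessCookies reported as rejected.
    static final Pattern REJECTED = Pattern.compile("Invalid 'expires' attribute: (.+)$");

    static boolean parses(String pattern, String value) {
        try {
            new SimpleDateFormat(pattern, Locale.US).parse(value);
            return true;
        } catch (ParseException e) {
            return false;
        }
    }

    static String classify(String logLine) {
        Matcher m = REJECTED.matcher(logLine);
        if (!m.find()) return "no expires warning";
        String value = m.group(1).trim();
        if (parses(LEGACY, value)) return "legacy format: unexpected rejection";
        if (parses(RFC1123, value)) return "valid RFC 1123 date rejected by legacy-only pattern";
        return "unparseable date: inspect the upstream Set-Cookie";
    }

    public static void main(String[] args) {
        // Constructed sample lines modelled on the report; cookie values replaced by a placeholder.
        String prefix = "WARN [o.a.h.client.protocol.ResponseProcessCookies] Invalid cookie header: ";
        String[] lines = {
            prefix + "\"Set-Cookie: AWSALB=PLACEHOLDER; Expires=Wed, 04 Oct 2017 01:44:47 GMT; Path=/\". "
                   + "Invalid 'expires' attribute: Wed, 04 Oct 2017 01:44:47 GMT",
            prefix + "\"Set-Cookie: sid=PLACEHOLDER; Expires=next week\". "
                   + "Invalid 'expires' attribute: next week",
            "INFO [c.example.Startup] Jira started",
        };
        for (String line : lines) {
            System.out.println(classify(line));
        }
    }
}
```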

      Attachments

        1. debugger1.png (301 kB)
        2. debugger2.png (235 kB)

            People

              Unassigned Unassigned
              tchai Tzu Hau Chai (Inactive)
              Votes: 69
              Watchers: 76
