3 Replies Latest reply on Aug 23, 2016 9:28 AM by hans.poo

    Cookie blocked by wildfly 8.2.0

    hans.poo

      Hi,

       

      I'm using play framework 1.4.2 deployed as a war in a wildfly-8.2.0.Final jee container.

      Play has its own cookies for session tracking, and as far as we have traced, the Cookie header is not being forwarded by jboss to the application. The app is sending the Set-Cookie header, and the browser is sending it back, as inspected with Firebug.

       

      Normal traffic between browser and server without Wildfly is:

      Set-Cookie: PLAY_SESSION=5fb261543bc78971cf2c6471cee46586997e2171-n=5; Path=/premios/

      Cookie: PLAY_SESSION=1d90379f1e005dc67fcf80b944cad0cd1064d56a-n=4

       

      But with Wildfly:

      Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/;

       

      Any help will be appreciated,

      Thank you

      Hans Poo

        • 1. Re: Cookie blocked by wildfly 8.2.0
          ctomc

          The "=" character is not allowed by the cookie spec to be in the value of the cookie.

           

          To make it work anyway, change the configuration of the undertow subsystem in standalone.xml (or the config you are using)

          and add allow-equals-in-cookie-value="true" to the http-listener (or any other listeners you are using) to allow the equals character in the cookie value.

          • 2. Re: Cookie blocked by wildfly 8.2.0
            hans.poo

            Tomas

             

            First of all thank you for your help.

            Looking at the HTTP traffic we found the problem, but it wasn't the equals sign. The solution was framework configuration.

             

            Anyway, we applied the attribute with:

            <http-listener name="default" socket-binding="http" allow-equals-in-cookie-value="true"/>

             

            The problem persisted, but running tcpdump with:

            sudo tcpdump -A -i lo  port 9080 2>&1|grep PLAY_SESSION

             

            The results are:

             

            With embedded native http server of app (netty) it works:

             

            Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; Path=/premios/

            Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1

            Set-Cookie: PLAY_SESSION=e94774ce09de8b20d63ae3e2588e03b117cdcdd5-n=2; Path=/premios/

            Cookie: PLAY_SESSION=e94774ce09de8b20d63ae3e2588e03b117cdcdd5-n=2

            Set-Cookie: PLAY_SESSION=6648c5b5a791f5fc2eb38c0bfd82c8282c585206-n=3; Path=/premios/

            Cookie: PLAY_SESSION=6648c5b5a791f5fc2eb38c0bfd82c8282c585206-n=3

            Set-Cookie: PLAY_SESSION=1d90379f1e005dc67fcf80b944cad0cd1064d56a-n=4; Path=/premios/

             

            Behind jboss deployed as a war:

            Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure

            Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure

            Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure

            Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure

             

            HTTP traffic shows that under Wildfly the cookie was marked as secure, and without Wildfly it was not secure.

            The war was created with the command:

            play war --zip -o /tmp/premios --%prod

             

            We explicitly set the parameter in application.conf to unsecure and it is working:

            application.session.secure=false

             

            And then we regenerated the war.

             

            Thanks again,

            Hans

            • 3. Re: Cookie blocked by wildfly 8.2.0
              hans.poo

              Hi,

               

              Tomas, you were right.

              Besides app configuration it was necessary to put the allow-equals parameter.

               

              Thanks a lot!!

              Hans
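
An added example, not part of the original thread and not Play or WildFly code: a small Python check that reads captured header lines like the tcpdump output in reply 2 and reports the two causes named in this thread (the secure attribute on a plain-http connection, and "=" in the cookie value without allow-equals-in-cookie-value). The function names, the `allow_equals` flag that models the listener setting, and the sample lines are assumptions constructed for illustration.

```python
# Added example, not code from the thread: explain why a cookie that appears
# in Set-Cookie never comes back in a Cookie header of a captured exchange.

def parse_set_cookie(line):
    """Return (name, value, attrs) for one 'Set-Cookie: ...' header line."""
    parts = [p.strip() for p in line.split(":", 1)[1].split(";") if p.strip()]
    name, _, value = parts[0].partition("=")  # split on the first '=' only
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in parts[1:])}
    return name, value, attrs

def analyze(lines, scheme, allow_equals):
    """scheme: 'http' or 'https' as used by the browser.
    allow_equals: assumed model of allow-equals-in-cookie-value on the listener."""
    set_values, returned, reasons = [], [], set()
    for raw in lines:
        line = raw.strip()
        low = line.lower()
        if low.startswith("set-cookie:"):
            _, value, attrs = parse_set_cookie(line)
            set_values.append(value)
            if "secure" in attrs and scheme != "https":
                reasons.add("Secure attribute: browser will not send it over http")
            if "=" in value and not allow_equals:
                reasons.add("'=' in value: set allow-equals-in-cookie-value")
        elif low.startswith("cookie:"):
            returned.append(line.split(":", 1)[1].strip())
    return {
        "set": len(set_values),
        "returned": len(returned),
        # The same value reissued repeatedly means the session never advances.
        "stuck": len(set_values) > 1 and len(set(set_values)) == 1,
        "reasons": sorted(reasons),
    }

# Constructed samples shaped like the two captures in reply 2 (values shortened).
BEHIND_WILDFLY = ["Set-Cookie: PLAY_SESSION=aaaa-n=1; path=/premios/; secure"] * 4
EMBEDDED = [
    "Set-Cookie: PLAY_SESSION=aaaa-n=1; Path=/premios/",
    "Cookie: PLAY_SESSION=aaaa-n=1",
    "Set-Cookie: PLAY_SESSION=bbbb-n=2; Path=/premios/",
    "Cookie: PLAY_SESSION=bbbb-n=2",
]

if __name__ == "__main__":
    print(analyze(BEHIND_WILDFLY, "http", allow_equals=False))
    print(analyze(EMBEDDED, "http", allow_equals=True))
```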