-
1. Re: Cookie blocked by wildfly 8.2.0
ctomc Aug 23, 2016 4:57 AM (in response to hans.poo)the "=" character is not allowed by cookie spec to be in value of the cookie.
To make it work anyway change configuration of undertow subsystem in standalone.xml (or the config you are using)
and add allow-equals-in-cookie-value="true" to http-listener (or any other listeners you are using) to allow equals char in the cookie value.
-
2. Re: Cookie blocked by wildfly 8.2.0
hans.poo Aug 23, 2016 8:47 AM (in response to ctomc)Tomas
First of all thank you for your help.
Looking at the http traffic we found the problem, but it weren't the equals sign. The solution was framework configuration.
Any way, we applied the attribute with:
<http-listener name="default" socket-binding="http" allow-equals-in-cookie-value="true"/>
The problem persisted, but running tcpdump with:
sudo tcpdump -A -i lo port 9080 2>&1|grep PLAY_SESSION
The results are:
With embedded native http server of app (netty) it works:
Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; Path=/premios/
Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1
Set-Cookie: PLAY_SESSION=e94774ce09de8b20d63ae3e2588e03b117cdcdd5-n=2; Path=/premios/
Cookie: PLAY_SESSION=e94774ce09de8b20d63ae3e2588e03b117cdcdd5-n=2
Set-Cookie: PLAY_SESSION=6648c5b5a791f5fc2eb38c0bfd82c8282c585206-n=3; Path=/premios/
Cookie: PLAY_SESSION=6648c5b5a791f5fc2eb38c0bfd82c8282c585206-n=3
Set-Cookie: PLAY_SESSION=1d90379f1e005dc67fcf80b944cad0cd1064d56a-n=4; Path=/premios/
Behind jboss deployed as a war:
Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure
Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure
Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure
Set-Cookie: PLAY_SESSION=f77238a982f6d14f0341a7e62eb0090003adab09-n=1; path=/premios/; secure
HTTP Traffic shows that in the traffic under Wildfly the cookie was marked as secure, and without Wildfly was no secure.
The war was created with the command:
play war --zip -o /tmp/premios --%prod
We explicitilly set the parameter in application.conf to unsecure and it is working:
application.session.secure=false
And the we regenerated the war.
Thanks again,
Hans
-
3. Re: Cookie blocked by wildfly 8.2.0
hans.poo Aug 23, 2016 9:28 AM (in response to hans.poo)Hi,
Tomas, you were right.
Besides app configuration it was neccesary to put the allow-equals paramater.
Thanks a lot !!
Hans