Sandeep More created KNOX-2538:
----------------------------------
Summary: JSESSIONID cookie missing when Zeppelin UI proxied via
Knox
Key: KNOX-2538
URL: https://issues.apache.org/jira/browse/KNOX-2538
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Sandeep More
Assignee: Sandeep More
Fix For: 1.6.0
Sometimes Knox gateway sends back Set-Cookie header in not proper formatted
way, mix attribute order
{code}
properly formatted SET-COOKIE response (start with JSESSIONID)
GET /zeppelin/api/security/ticket
Set-Cookie: JSESSIONID=ba760126-414f-406d-baa1-99e14eb47656; SameSite=none;
Secure; Path=/; HttpOnly
{code}
{code}
not properly formatted SET-COOKIE response
GET /zeppelin/api/security/ticket
Set-Cookie: SameSite=none; Secure; Path=/;
JSESSIONID=b2934cd3-820a-47da-a9b8-4b3af3284502; HttpOnly
{code}
_Informally, the Set-Cookie response header contains the header name
"Set-Cookie" followed by a ":" and a cookie. Each cookie begins with a
name-value-pair, followed by zero or more attribute-value pairs. _
- [Set-Cookie specification|https://tools.ietf.org/html/rfc6265#section-4.1.1]
Not properly formatted SET-COOKIE issue is not always present, sometimes it is
working, sometimes is not. Please try a couple of times to reproduce this
issue, If the JSESSIONID cookie presents, remove it manually and refresh the
page to simulate session timeout case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
