We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug
Responses from a simple Jakarta Rest endpoint always contain a JSESSIONID cookie if server.xml contains
JSESSIONID
server.xml
<feature>audit-1.0</feature>
...even if the endpoint implementation doesn't use HttpSession. (Without audit-1.0, no JSESSIONID is returned as expected.)
HttpSession
audit-1.0
Steps to Reproduce
Implement a simple Rest endpoint like
@RequestScoped @Path("/testclass") public class MyTestService { @GET @Path("/testmethod") public String myTest() throws Exception { return "SUCCESS"; } }
Ensure <feature>audit-1.0</feature> is in server.xml.
Call https://localhost:9445/testclass/testmethod, check response Cookies.
https://localhost:9445/testclass/testmethod
Expected behavior
The response should not contain a new JSESSIONIDcookie.
Diagnostic information:
<featureManager> <feature>microProfile-5.0</feature> <feature>transportSecurity-1.0</feature> <feature>beanValidation-3.0</feature> <feature>socialLogin-1.0</feature> <feature>openidConnectClient-1.0</feature> <feature>audit-1.0</feature> <feature>jdbc-4.2</feature> <feature>persistence-3.0</feature> <feature>requestTiming-1.0</feature> </featureManager>
The text was updated successfully, but these errors were encountered:
Found a possible cause in the following and a couple other places.
https://github.com/OpenLiberty/open-liberty/blob/integration/dev/com.ibm.ws.security.audit.source/src/com/ibm/ws/security/audit/source/utils/AuditUtils.java#L87
Planning to provide a test patch to @amasson88 for his feedback. Targeting sometime next week.
Sorry, something went wrong.
una-tapa
Successfully merging a pull request may close this issue.
Describe the bug
Responses from a simple Jakarta Rest endpoint always contain a
JSESSIONID
cookie ifserver.xml
contains...even if the endpoint implementation doesn't use
HttpSession
.(Without
audit-1.0
, noJSESSIONID
is returned as expected.)Steps to Reproduce
Implement a simple Rest endpoint like
Ensure
<feature>audit-1.0</feature>
is inserver.xml
.Call
https://localhost:9445/testclass/testmethod
, check response Cookies.Expected behavior
The response should not contain a new
JSESSIONID
cookie.Diagnostic information:
The text was updated successfully, but these errors were encountered: