JAWA icon indicating copy to clipboard operation
JAWA copied to clipboard

Published 20 hours ago verified publisher icon jamf

Invalid cookie header

Open kryptonit1 opened this issue 3 years ago • 6 comments

JAWA seems to be causing a lot of warning messages in the Jamf Pro Server Log (please see below). Would this be possible to fix?

2022-01-20 08:47:30,806 [WARN ] [alPool-1915] [ResponseProcessCookies ] - Invalid cookie header: "Set-Cookie: session=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/". Invalid 'expires' attribute: Thu, 01 Jan 1970 00:00:00 GMT

kryptonit1 avatar Jan 20 '22 08:01 kryptonit1

I'm looking into this one - it looks like this occurs whenever the 401 response is returned to JPS from JAWA. I think it makes sense to resolve this bug alongside the enhancement work for #27, so it will tentatively be marked for the v3.0.3 release. Thanks for the feedback!

ball42 avatar Jan 27 '22 21:01 ball42

Thanks a lot! :)

kryptonit1 avatar Jan 27 '22 21:01 kryptonit1

Just an update: I don't think this occurs only when there's a 401 response. I'm seeing this when there's a proper response as well. If there's a need for further logs or similar please let me know.

kryptonit1 avatar Apr 19 '22 07:04 kryptonit1

Thank you for the update! I did some more digging on this issue and confirmed that the warning appears to be consistent across all JAWA responses. The java http client JPS is using to send the webhook event is not expecting the 'expires' attribute, but this attribute is included by default with Flask/Werkzeug responses. I'll keep trying to work around this, but it's currently at an impasse due to JAWA's design. Thankfully the warnings are harmless, just very chatty.

I'll leave this issue open until the situation changes.

ball42 avatar Apr 27 '22 21:04 ball42

I did the homework and confirmed that the cookie response JAWA provides is compliant with modern standards (RFC 6265), so there's no reasonable adjustments that can be made to JAWA's codebase to make this warning go away. I submitted a Jamf Pro feature request JN-I-26298 which describes the issue and proposes a fix within Jamf Pro. Please take a look and upvote if removing this warning is desirable.

I'll continue to keep the issue open for awareness.

ball42 avatar Aug 25 '22 04:08 ball42

Thank you! I've upvoted the feature request.

kryptonit1 avatar Aug 29 '22 08:08 kryptonit1

I think that the issue has been resolved in Jamf Pro as I am no longer observing these WARN log statements from JAWA's response. @kryptonit1, can you verify if the issue is still occurring in your Jamf Pro Server Log? I'll continue testing and observing before closing this issue out.

ball42 avatar Jun 27 '23 15:06 ball42

These log statements appear to have been suppressed and/or the root cause has been resolved in a recent release of Jamf Pro. Closing this issue for now.

ball42 avatar Jul 05 '23 15:07 ball42