Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24925

Unneeded JSESSIONID cookies returned

    XMLWordPrintable

    Details

      Description

      NXRM has started to return JSESSIONID cookies. In the past these were not generated.

      curl 'http://localhost:8081/service/rapture/session'   -H 'Connection: keep-alive'   -H 'Pragma: no-cache'   -H 'Cache-Control: no-cache'   -H 'X-Requested-With: XMLHttpRequest'   -H 'X-Nexus-UI: true'   -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36'   -H 'NX-ANTI-CSRF-TOKEN: 0.20777158166126664'   -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'   -H 'Accept: */*'   -H 'Origin: http://localhost:8081'   -H 'Sec-Fetch-Site: same-origin'   -H 'Sec-Fetch-Mode: cors'   -H 'Sec-Fetch-Dest: empty'   -H 'Referer: http://localhost:8081/'   -H 'Accept-Language: en-US,en;q=0.9'   -H 'Cookie: NX-ANTI-CSRF-TOKEN=0.20777158166126664; _ga=GA1.1.918799830.1597419849; _gid=GA1.1.591002232.1597419849'   --data-raw 'username=YWRtaW4%3D&password=YWRtaW4xMjM%3D'   --compressed -v
*   Trying ::1:8081...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8081 failed: Connection refused
*   Trying 127.0.0.1:8081...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8081 (#0)
> POST /service/rapture/session HTTP/1.1
> Host: localhost:8081
> Accept-Encoding: deflate, gzip
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> X-Requested-With: XMLHttpRequest
> X-Nexus-UI: true
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
> NX-ANTI-CSRF-TOKEN: 0.20777158166126664
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: */*
> Origin: http://localhost:8081
> Sec-Fetch-Site: same-origin
> Sec-Fetch-Mode: cors
> Sec-Fetch-Dest: empty
> Referer: http://localhost:8081/
> Accept-Language: en-US,en;q=0.9
> Cookie: NX-ANTI-CSRF-TOKEN=0.20777158166126664; _ga=GA1.1.918799830.1597419849; _gid=GA1.1.591002232.1597419849
> Content-Length: 43
> 
* upload completely sent off: 43 out of 43 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Date: Fri, 14 Aug 2020 15:58:21 GMT
< Server: Nexus/3.26.0-04 (PRO)
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=node0wa8z5s1cdgmc15v1nyqlq608j3.node0; Path=/
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: NXSESSIONID=dd249c7b-8b34-4bda-bf2b-538a9520a757; Path=/; HttpOnly; SameSite=lax
< X-Frame-Options: DENY
<

      Expected

      Do not return JSESSIONID cookies. Sessions are tracked using NXSESSIONID cookies already.

        Attachments

          Activity

            People

            Assignee:
            dsawa Dawid Sawa
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Michael Prescott Michael Prescott
            Team:
            NXRM - Groot
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title