Invalid cookie header

[kryptonit1]

JAWA seems to be causing a lot of warning messages in the Jamf Pro Server Log (please see below). Would this be possible to fix?

2022-01-20 08:47:30,806 [WARN ] [alPool-1915] [ResponseProcessCookies ] - Invalid cookie header: "Set-Cookie: session=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/". Invalid 'expires' attribute: Thu, 01 Jan 1970 00:00:00 GMT

[ball42]

I'm looking into this one - it looks like this occurs whenever the 401 response is returned to JPS from JAWA. I think it makes sense to resolve this bug alongside the enhancement work for #27, so it will tentatively be marked for the v3.0.3 release. Thanks for the feedback!

[kryptonit1]

Thanks a lot! :)

[kryptonit1]

Just an update: I don't think this occurs only when there's a 401 response. I'm seeing this when there's a proper response as well. If there's a need for further logs or similar please let me know.

[ball42]

Thank you for the update! I did some more digging on this issue and confirmed that the warning appears to be consistent across all JAWA responses. The java http client JPS is using to send the webhook event is not expecting the 'expires' attribute, but this attribute is included by default with Flask/Werkzeug responses. I'll keep trying to work around this, but it's currently at an impasse due to JAWA's design. Thankfully the warnings are harmless, just very chatty.

I'll leave this issue open until the situation changes.

[ball42]

I did the homework and confirmed that the cookie response JAWA provides is compliant with modern standards (RFC 6265), so there's no reasonable adjustments that can be made to JAWA's codebase to make this warning go away. I submitted a Jamf Pro feature request JN-I-26298 which describes the issue and proposes a fix within Jamf Pro. Please take a look and upvote if removing this warning is desirable.

I'll continue to keep the issue open for awareness.

[kryptonit1]

Thank you! I've upvoted the feature request.

[ball42]

I think that the issue has been resolved in Jamf Pro as I am no longer observing these WARN log statements from JAWA's response. @kryptonit1, can you verify if the issue is still occurring in your Jamf Pro Server Log? I'll continue testing and observing before closing this issue out.

[ball42]

These log statements appear to have been suppressed and/or the root cause has been resolved in a recent release of Jamf Pro. Closing this issue for now.