Closed GoogleCodeExporter closed 9 years ago
Are you sure that there exists an HTTP session cookie right before the eID
Applet runs?
Original comment by frank.co...@gmail.com
on 19 Apr 2010 at 10:07
Here is an execution sample:
1) Right before the eID Applet runs, Firefox shows session cookie with the session id: 1E7D19D5057C1A353E8936DB3718A8FA
2) When I run the applet, I get that log on the server side:
---------------
DEBUG 16:05:08,485 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:08,485 be.fedict.eid.applet.service.impl.HttpServletProtocolContext - current protocol state: null s, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,485 be.fedict.eid.applet.service.impl.HttpServletProtocolContext - protocol state transition: INIT, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,485 be.fedict.eid.applet.service.impl.handler.HelloMessageHandler - hello message received
DEBUG 16:05:08,501 be.fedict.eid.applet.service.impl.HttpServletProtocolContext - current protocol state: INIT s, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,501 be.fedict.eid.applet.service.impl.HttpServletProtocolContext - protocol state transition: IDENTIFY, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,501 be.fedict.eid.applet.service.impl.CleanSessionProtocolStateListener - cleaning up the identity session attributes...
--------------------
So the session ID has changed but Firefox still displays the old session id in the http session cookie...
3) Next, if I click "yes" on the privacy popup, the server log is:
--------------------
DEBUG 16:05:28,625 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:28,625 be.fedict.eid.applet.service.impl.HttpServletProtocolContext - current protocol state: null s, session:40CE272FF239AA0D7CD982927E9DE5A8, creationTime:1271772328625, lastAccessTime:1271772328625
16:05:28 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: "Servlet.service()" pour la servlet AppletServiceServlet a généré une exception
java.lang.RuntimeException: expected a protocol start message
--------------------
A new session ID is created again. Firefox still displays the initial session id.
I'm not sure if the http session cookie displayed in Firefox is properly refreshed, but it seems that a new session id is created each time the applet communicates with the server.
Here is the applet log (note that the server asks for a new session cookie):
--------------------
Niveau de traçage fixé à 5 : tous ... terminés.
basic: Starting applet teardown
basic: Finished applet teardown
basic: Récepteur de progression ajouté : sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@15718f2
basic: Applet chargé.
basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 128350 us, pluginInit dt 24251225 us, TotalTime: 24379575 us
basic: Applet initialized
basic: Récepteur de progression supprimé : sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@15718f2
basic: Applet made visible
basic: Starting applet
basic: Applet started
basic: Told clients applet is started
network: Connexion de https://10.32.128.216:8443/mywebapp/applet-service avec proxy=DIRECT
network: Connexion de http://10.32.128.216:8443/ avec proxy=DIRECT
network: Serveur https://10.32.128.216:8443/mywebapp/applet-service demandant de définir un cookie avec "JSESSIONID=1B0FB2036FE29CB50F9C22B64E5CB70E; Path=/mywebapp; Secure"
network: Connexion de https://10.32.128.216:8443/mywebapp/applet-service avec proxy=DIRECT
network: Connexion de http://10.32.128.216:8443/ avec proxy=DIRECT
--------------------
thx
Original comment by sebastie...@gmail.com
on 20 Apr 2010 at 2:39
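Added example, not part of the original thread or the eID Applet code base: a Python check that reads the server log quoted above and reports, for each applet request, whether it arrived on a session the container had only just created. It assumes one `doPost` line per HTTP request and treats `creationTime == lastAccessTime` as the sign of a freshly created session; `find_session_breaks` is a hypothetical name and the sample is abridged from the log above with wrapped lines re-joined.

```python
import re

# Abridged from the server log in the comment above, wrapped lines re-joined.
CTX = "be.fedict.eid.applet.service.impl.HttpServletProtocolContext"
SAMPLE_LOG = f"""\
DEBUG 16:05:08,485 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:08,485 {CTX} - current protocol state: null s, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,501 {CTX} - current protocol state: INIT s, session:1B0FB2036FE29CB50F9C22B64E5CB70E, creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:28,625 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:28,625 {CTX} - current protocol state: null s, session:40CE272FF239AA0D7CD982927E9DE5A8, creationTime:1271772328625, lastAccessTime:1271772328625
"""

STATE_RE = re.compile(
    r"current protocol state: (?P<state>\S+) s, session:(?P<sid>[0-9A-F]+), "
    r"creationTime:(?P<created>\d+), lastAccessTime:(?P<accessed>\d+)"
)


def find_session_breaks(log_text, browser_sid):
    """Return one finding per request, in log order.

    browser_sid is the JSESSIONID the browser showed before the applet ran.
    """
    findings = []
    expected = browser_sid
    # Assumption: every doPost line opens the log chunk of one HTTP request.
    for chunk in log_text.split("AppletServiceServlet - doPost")[1:]:
        match = STATE_RE.search(chunk)  # first state line of the request
        if match is None:
            continue
        sid = match["sid"]
        findings.append({
            "session": sid,
            "state": match["state"],
            # Equal timestamps: the session was created for this very request.
            "new_session": match["created"] == match["accessed"],
            # False: the request did not reuse the session we expected.
            "matches_previous": sid == expected,
        })
        expected = sid
    return findings


if __name__ == "__main__":
    for finding in find_session_breaks(SAMPLE_LOG, "1E7D19D5057C1A353E8936DB3718A8FA"):
        print(finding)
```

A request reported with `new_session` true and `state` equal to `null` after the first one is the condition that precedes the "expected a protocol start message" exception in the log above.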
Normally the Java plugin runtime receives the session cookie from the web
browser and uses this session cookie when the eID Applet communicates with the
server. Apparently you're mixing http with https, which probably causes some
session cookie issues (Secure session cookie).
Original comment by frank.co...@gmail.com
on 21 Jun 2010 at 3:33
Hi,
This is not related to a http/https mixing.
Since the revision 322
"eid-applet-core/src/main/java/be/fedict/eid/applet/Controller.java" the applet
displays the message "Error: No session cookie detected!" before the error
occurs and I was able to reproduce the issue by disabling cookies in Firefox
3.6.6.
If cookies are necessary to allow the use of the eID applet I suggest returning
an error code directly like "SESSION_COOKIE_ERROR" instead of starting to
exchange data with the server and then returning a generic error. Thus, we can
display a user-friendly message asking to enable cookies to use the eID applet.
Original comment by sebastie...@gmail.com
on 14 Jul 2010 at 3:49
The problem with turning the session cookie detection into an error code is
that we cannot differentiate between a server setting the session cookie to
HttpOnly, or a web browser having disabled the usage of session cookies. So for
the moment we can only give some warning in the detail messages.
Original comment by frank.co...@gmail.com
on 19 Jul 2010 at 12:39
Hello, and thanks for providing this open source.
Same error here, however: expected a protocol start message
Only in Firefox, not in IE.
Is there a fix yet for this?
Original comment by polarpu...@hotmail.com
on 14 Oct 2010 at 3:53
Original issue reported on code.google.com by
sebastie...@gmail.com
on 9 Apr 2010 at 12:36