Clarity

  • 1.  protocol.ResponseProcessCookies - WARN messages in app-ca.log

    Posted Aug 04, 2015 12:27 PM

    I see a lot of the below-mentioned messages in the app-ca.log:

     

    WARN  2015-08-04 07:47:27,942 [ZZZZ] protocol.ResponseProcessCookies (clarity:XXXX:*********:none) Invalid cookie header: "Set-Cookie: userLocale=en_US;secure;Expires=Wed,;secure; 5-Aug-2015 14:47:27;secure; GMT;Secure;HttpOnly". Unable to parse expires attribute: Wed,

     

    What would be the reason for this?

     

    Also, I have seen a security pop-up when downloading from Advanced Reporting (Jaspersoft). If I click on Cancel it goes away and the Excel spreadsheet loads fine. You do not get it when downloading PDF, only an editable file.

     

    Has anyone experienced this?

     

    NJ



  • 2.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log

    Broadcom Employee
    Posted Aug 04, 2015 01:14 PM

    Hi navzjoshi00

     

    This looks like the header mismatch. Can you please provide steps to reproduce, and I will test and revert back.

     

    Regards

    Suman Pramanik



  • 3.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log

    Posted Aug 04, 2015 04:46 PM

    It looks like a tokenization issue.  The comma in the date is being seen as a delimiter and the ;secure; cookie directive is being injected into the middle of the value accidentally.

     

    What's your exact patch and version number of Clarity?  Also can you confirm your secure cookie settings on the application properties tab of the CSA (and if enabled, see if the warnings disappear when they are disabled as a test if possible)?



  • 4.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log

    Posted Aug 05, 2015 04:45 AM

    14.2.0.237 



  • 5.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log
    Best Answer

    Posted Aug 06, 2015 12:39 PM

    The options in the CSA for Use Secure Session Cookie and Use HTTP Session Cookie are responsible for the piece at the end of the line where it says ";Secure;HttpOnly".

     

    I haven't seen anywhere where we add the ";secure;" keyword into individual parts of the cookie after each token, but that doesn't mean it doesn't happen somewhere (given that it seems to be complaining in the app-ca.log when this cookie set directive is being added to the response, maybe it does).

     

    I also couldn't find where we would set a cookie with the userLocale key/value and an expiry date associated with it (I went through advanced reporting and exporting to excel as part of that coverage too), but somewhere within Jaspersoft / Advanced Reporting is most likely based on some test cases I saw.

     

    Maybe we can learn more about that in time; however, for the meantime, if it is preferred to suppress this message in some places (e.g. for production environments), then you may want to add a logger category name of org.apache.http.client.protocol or org.apache.http.client.protocol.ResponseProcessCookies and set it to ERROR level.  Lacking an environment I can currently reproduce this on, I'm taking a small leap of faith that those log changes will work, but based on what I was seeing here it seemed it would: http://stackoverflow.com/questions/3248528/how-do-i-turn-off-warning-messages-in-httpclient-for-log4j

     

    Also are you seeing this with other cookies being set or only the examples of userLocale / Expires combinations?
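
A log-triage sketch for the question that closes post 5 (only userLocale / Expires, or other cookies too?), added here as an example and not part of the thread or of Clarity's code. It pulls the logged Set-Cookie value out of each ResponseProcessCookies warning, counts the secure tokens, and rejoins the Expires fragments on the assumption from post 3 that the date was split and ;secure; inserted between the pieces. The second and third sample lines and the names `analyze` and `summarize` are constructed for the example.

```python
import re
from collections import Counter

# Line 1 is the WARN line quoted in the thread; lines 2-3 are constructed samples.
SAMPLE_LOG = """\
WARN  2015-08-04 07:47:27,942 [ZZZZ] protocol.ResponseProcessCookies (clarity:XXXX:*********:none) Invalid cookie header: "Set-Cookie: userLocale=en_US;secure;Expires=Wed,;secure; 5-Aug-2015 14:47:27;secure; GMT;Secure;HttpOnly". Unable to parse expires attribute: Wed,
WARN  2015-08-04 07:52:10,101 [ZZZZ] protocol.ResponseProcessCookies (clarity:XXXX:*********:none) Invalid cookie header: "Set-Cookie: userLocale=en_US;secure;Expires=Wed,;secure; 5-Aug-2015 14:52:10;secure; GMT;Secure;HttpOnly". Unable to parse expires attribute: Wed,
INFO  2015-08-04 07:52:11,000 [ZZZZ] constructed.UnrelatedLogger (clarity:XXXX:*********:none) unrelated message
"""

WARN_RE = re.compile(
    r'ResponseProcessCookies .*?Invalid cookie header: "Set-Cookie: (?P<hdr>[^"]*)"\. (?P<reason>.*)$'
)
FLAGS = {"secure", "httponly"}  # value-less cookie attributes


def analyze(header):
    """Split a logged Set-Cookie value and undo the split described in post 3."""
    tokens = [t.strip() for t in header.split(";") if t.strip()]
    name = tokens[0].partition("=")[0]
    attrs, last_key = {}, None
    for tok in tokens[1:]:
        if tok.lower() in FLAGS:
            continue  # flags, including the stray ';secure;' copies, carry no value
        if "=" in tok:
            last_key, _, val = tok.partition("=")
            last_key = last_key.lower()
            attrs[last_key] = val
        elif last_key:
            # Bare fragment: heuristically treat it as the tail of the previous attribute.
            attrs[last_key] += " " + tok
    return {
        "cookie": name,
        "secure_tokens": sum(t.lower() == "secure" for t in tokens),
        "expires": attrs.get("expires"),
    }


def summarize(log_text):
    """Count warnings per (cookie name, parse failure) to see which cookies are affected."""
    counts = Counter()
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            info = analyze(m.group("hdr"))
            counts[(info["cookie"], m.group("reason").split(":")[0])] += 1
    return counts
```

Calling `summarize()` on the text of a real app-ca.log shows at a glance whether any cookie other than userLocale triggers the warning; `analyze()` on a single header shows how many secure tokens it carries and what the Expires value looks like once the fragments are rejoined.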



  • 6.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log

    Posted Aug 06, 2015 10:24 PM

    Also, this is an on-demand environment

     

    NJ



  • 7.  Re: protocol.ResponseProcessCookies - WARN messages in app-ca.log

     
    Posted Aug 14, 2015 05:06 PM

    Hi NJ - Were you able to make any progress with this?