Mícéal Gallagher in Java 2 minutes

Jetty - Woes upgrading from Jetty 6 to 9

Introduction

Upgrading project dependencies is rarely seamless. Most recently I encountered difficulty when a project I was working on required moving from Jetty 6 to 9 and that’s when the problem occurred.

The Problem

The problem manifested itself in the following manner: once logged into application-A navigating to application-B in another tab would result in subsequent application-A requests being unauthorized. Upon further investigation it would appear that application-B was invalidating the session of application-A; this became obvious when the cookie named SESSION_ID would be changed to another GUID for application-A when a request was made to application-B.

What was happening

Application-A and application-B are fighting for ownership of the session. When attempting to use B once logged into A, B owns the session; when attempting to use A while logged into B, A owns the session. So what is happening? Because the two applications are located at the same URL, Jetty issues a new session Id because it is exactly that, a new session.

The Solution

It turns out that during the migration to Jetty 9 some members got deprecated and this temporary code was commented out during the immediate transition to Jetty 9.

```java//context.getSessionHandler().getSessionManager().setSessionCookie(port + “port”);


All that was required was updating the code to conform to the new changes of the Jetty web server which were as follows:

```javaSessionHandler sh = context.getSessionHandler();
HashSessionManager sm = (HashSessionManager)
sh.getSessionManager();
sm.setSessionCookie(port + "port");

Conclusion

Sometimes 4 lines of code is the result of 3 days of investigation.