1

I am trying to set a cookie for the below domain and doing a 307 redirect. However, the the cookie doesnt seem to be getting set and is not present on subsequent requests from the browser. Anything that i am missing?

import javax.ws.rs.*;
import javax.ws.rs.core.*;

public Response getUserInfo() {
     try {
         return Response.temporaryRedirect(new java.net.URI(this.loginResponseRedirectUrl))
             .cookie(new NewCookie("xxxx", "value", "/", ".test.net", 1, null, 24*60*60, false ))
             .build();

     } catch(Exception e) {
         System.out.println("REDIRECT EXCEPTION " + e.getMessage());
     }
}
Prashanth
  • 501
  • 1
  • 4
  • 5
  • what is your jersey version ? – jeorfevre May 14 '15 at 19:56
  • 1.19 Note that the domain i am trying to set is different from the domain of the incoming request. Is it just not possible to do that? – Prashanth May 14 '15 at 20:28
  • can you enable logging in order to see if cookie is sent from jersey server and that way we can see if client is not receiving even with server sending please : – jeorfevre May 14 '15 at 20:36

1 Answers1

1

you might send cookie from server but client reject it in order to see if this appens can you enable logging

in jersey 1.x go in your web.xml and add :

<init-param>
    <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
    <param-value>com.sun.jersey.api.container.filter.LoggingFilter</param-value>
</init-param>
<init-param>
    <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
    <param-value>com.sun.jersey.api.container.filter.LoggingFilter</param-value>
</init-param>

Give me feedback in order to help you solve that.

jeorfevre
  • 2,286
  • 1
  • 17
  • 27
  • Show me the server trace please. – jeorfevre May 14 '15 at 21:38
  • you won't have any cookie rejection error, but you will see no cookie on response of your jersey server code. – jeorfevre May 14 '15 at 23:17
  • well, I see the cookie in the response and I even see it in the 302 response for the request in the browser (Set-Cookie) header, but the browser ignored to set it because of security limitation maybe..To give a little context: I was trying to set the cookie domain to be a.com and do a redirect to a.com while the requesting incoming one is at b.com domain – Prashanth May 15 '15 at 00:08
  • 1.domain names must have two dots (see the RFC http://tools.ietf.org/html/rfc1034#section-3.5) to be valid 2. caution on dev envs: cookie domain must be set to "" and not localhos – jeorfevre May 15 '15 at 00:46