Comments (6)
Are you sure that there exists an HTTP session cookie right before the eID
Applet runs?
Original comment by [email protected]
on 19 Apr 2010 at 10:07
from eid-applet.
Here is a execution sample:
1) Right before the eID Applet runs, firefox shows session cookie with the
session id
: 1E7D19D5057C1A353E8936DB3718A8FA
2) when I run the applet, i get that log on the server side :
---------------
DEBUG 16:05:08,485 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:08,485 be.fedict.eid.applet.service.impl.HttpServletProtocolContext
-
current protocol state: null s, session:1B0FB2036FE29CB50F9C22B64E5CB70E,
creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,485 be.fedict.eid.applet.service.impl.HttpServletProtocolContext
-
protocol state transition: INIT, session:1B0FB2036FE29CB50F9C22B64E5CB70E,
creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,485
be.fedict.eid.applet.service.impl.handler.HelloMessageHandler -
hello message received
DEBUG 16:05:08,501 be.fedict.eid.applet.service.impl.HttpServletProtocolContext
-
current protocol state: INIT s, session:1B0FB2036FE29CB50F9C22B64E5CB70E,
creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,501 be.fedict.eid.applet.service.impl.HttpServletProtocolContext
-
protocol state transition: IDENTIFY, session:1B0FB2036FE29CB50F9C22B64E5CB70E,
creationTime:1271772308485, lastAccessTime:1271772308485
DEBUG 16:05:08,501
be.fedict.eid.applet.service.impl.CleanSessionProtocolStateListener - cleaning
up the
identity session attributes...
--------------------
So the session ID has changed but firefox still display the old session id in
http
session cookie...
3) Next, if click "yes" on the privacy popup, the server log is :
--------------------
DEBUG 16:05:28,625 be.fedict.eid.applet.service.AppletServiceServlet - doPost
DEBUG 16:05:28,625 be.fedict.eid.applet.service.impl.HttpServletProtocolContext
-
current protocol state: null s, session:40CE272FF239AA0D7CD982927E9DE5A8,
creationTime:1271772328625, lastAccessTime:1271772328625
16:05:28 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: "Servlet.service()" pour la servlet AppletServiceServlet a généré une
exception
java.lang.RuntimeException: expected a protocol start message
--------------------
A new session ID is created again. Firefox still display the initial session id.
I'm not sure if the http session cookie displayed in firefox is properly
refreshed
but it seems that a new session id is created each time the applet communicates
with
the server.
Here is the applet log (note that the server asks for a new session cookie):
--------------------
Niveau de traçage fixé à 5 : tous ... terminés.
basic: Starting applet teardown
basic: Finished applet teardown
basic: Récepteur de progression ajouté :
sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@15718f2
basic: Applet chargé.
basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt
128350 us,
pluginInit dt 24251225 us, TotalTime: 24379575 us
basic: Applet initialized
basic: Récepteur de progression supprimé :
sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@15718f2
basic: Applet made visible
basic: Starting applet
basic: Applet started
basic: Told clients applet is started
network: Connexion de https://10.32.128.216:8443/mywebapp/applet-service avec
proxy=DIRECT
network: Connexion de http://10.32.128.216:8443/ avec proxy=DIRECT
network: Serveur https://10.32.128.216:8443/mywebapp/applet-service demandant de
définir un cookie avec "JSESSIONID=1B0FB2036FE29CB50F9C22B64E5CB70E;
Path=/mywebapp;
Secure"
network: Connexion de https://10.32.128.216:8443/mywebapp/applet-service avec
proxy=DIRECT
network: Connexion de http://10.32.128.216:8443/ avec proxy=DIRECT
--------------------
thx
Original comment by [email protected]
on 20 Apr 2010 at 2:39
from eid-applet.
Normally the Java plugin runtime received the session cookie from the web
browser and uses this session cookie when the eID Applet communicates with the
server. Apparently you're mixing http with https, which probably causes some
session cookie issues (Secure session cookie).
Original comment by [email protected]
on 21 Jun 2010 at 3:33
- Changed state: WontFix
from eid-applet.
Hi,
This is not related to a http/https mixing.
Since the revision 322
"eid-applet-core/src/main/java/be/fedict/eid/applet/Controller.java" the applet
displays the message "Error: No session cookie detected!" before the error
occurs and I was able to reproduce the issue by disabling cookies in Firefox
3.6.6.
If cookies are necessary to allow the use of the eID applet I suggest to return
an error code directly like "SESSION_COOKIE_ERROR" instead of starting to
exchange data with the server and then return a generic error. Thus, we can
display a user friendly message asking to enable cookies to use the eID applet.
Original comment by [email protected]
on 14 Jul 2010 at 3:49
from eid-applet.
The problem with turning the session cookie detection into an error code is
that we cannot differentiate between a server setting the session cookie to
HttpOnly, or a web browser having disabled the usage of session cookie. So for
the moment we can only give some warning in the detail messages.
Original comment by [email protected]
on 19 Jul 2010 at 12:39
from eid-applet.
Hello, and thanks for providing this open source.
Same error here however: expected a protocol start message
Only in Firefox, not in iE.
Is there a fix yet for this?
Original comment by [email protected]
on 14 Oct 2010 at 3:53
from eid-applet.
Related Issues (20)
- Java 7 appletplugin and OS X HOT 14
- revision 723 build on windows has errors HOT 6
- Compilation on java 1.7 HOT 1
- java.io.IOException HOT 2
- empty "Request Authentication" popup before signing document HOT 1
- Improvement: Skip technical confirm box HOT 1
- How to supply an in memory document for signing to the applet HOT 1
- Card error after upgrading to eid applet 1.0.5 HOT 2
- Card using SHA256withRSA: failure to validate signed identity HOT 1
- PIN cache not working for SignRequest HOT 3
- Building applet fails with JDK 1.7u45 HOT 1
- Security warning message : The certificate used to identify this application is expire HOT 1
- Support intranet domainnames HOT 2
- https checks on localhost HOT 1
- Nationality not available
- Applet not working on Jboss + apache HOT 1
- Yomani and Xenta terminals are not detected when connected to desktop for reading EID card details.
- compute digital signature error
- Error using the new Belfius cardreader HOT 2
- eid-applet-package-1.1.3.jar returning error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eid-applet.