Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: core, extras-executable-war
Labels:
- 2.176.3-rejected
Environment:
Jenkins 1.581, launched through the built in Jetty

Similar Issues:

Show
Released As:
Jenkins 2.184

Description

Each time Jenkins (re)starts, its session-cookie name changes (ie JSESSIONID.some_random_string).

After a while, the browser have a bunch of session cookies, each one having a different name, causing the "Cookie" request header to be very long. The server returns a HTTP 413 response and a blank page. The user must clean his cookies in order to access Jenkins again.

Workaround: Since Jenkins 2.66 there are custom options for managing Jetty session IDs: https://github.com/jenkinsci/extras-executable-war/#jetty-session-ids

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

413_on_requests.png
144 kB
2015-07-06 09:38
full_of_session_cookie.png
146 kB
2015-07-06 09:38

Issue Links

is duplicated by

JENKINS-36880 WARNING: badMessage: 413 for HttpChannelOverHttp and WARNING: Header is too large >8192

Resolved

JENKINS-36993 Cookie header too long, causing a 413 HTTP error

Resolved

JENKINS-43927 Unable to login due to too many jsessionids creating a too large header

Resolved

JENKINS-45449 "Bad Message 431" everywhere

Closed

is related to

JENKINS-44894 Make Jetty Session ID configurable via System properties

Resolved

links to

acceptance-test-harness PR-497

CloudBees Internal OSS-2226

PR-3939

(4 links to)

Activity

People

Assignee:: Unassigned

Reporter:: Eric Citaire

Votes:: 44 Vote for this issue

Watchers:: 43 Start watching this issue

Dates

Created:: 2014-10-08 14:20

Updated:: 2023-07-05 12:30