Chrome not clearing JSESSIONID cookie causes a redirect loop
Ramgopal Lamrod
I have an application that receives HTTP/HTTPs requests on Apache Web Server and passes it on to tomcat.
Recently, I've been facing problems with sessions and redirection loops on Google Chrome and Firefox browsers after some user logs out the expiration of sessions. I managed to trace down the problem and found that the browser is not clearing the JSESSIONID cookie. After manually clearing that, it starts to work again.
I have checked the log files of Apache Web Server and I found this:
172.16.254.157 - - [06/Feb/2017:05:23:27 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:29 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:29 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:29 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:30 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:30 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:30 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:31 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:31 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:31 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:32 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:32 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:32 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:33 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:33 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:33 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:34 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:34 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:34 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:35 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
172.16.254.157 - - [06/Feb/2017:05:23:35 -0600] "GET /preview/login.admin HTTP/1.1" 302 20
122.176.45.206 - - [06/Feb/2017:05:24:33 -0600] "GET /preview/login.admin HTTP/1.1" 302 20Apache Server is getting these requests, but nothing is being forwarded to Tomcat.
The network tab of Chrome's inspect element window shows me this:
But this works after I clear the JSESSIONID cookie.
This is rather strange, but this issue started about a week ago (The application is working since last 4 years!), and that coincides with the new update rollout.
I have tried googling stuff and found out that people had similar issues back in 2012 and '15.
Is something really wrong with Chrome? Are the internet standards changing? Nonetheless, how can I fix this?