I've already tried setting the "Settings ⇨ Application ⇨ Site URL" to the externally accessible address, but unfortunately it didn't make any difference. The behavior remains the same – a new session is created on each request.
2025-04-11T14:00:26.585+02:002025-04-11T12:00:26Z, TRACE, http.PwmSession, created new session
2025-04-11T14:00:26.585+02:002025-04-11T12:00:26Z, TRACE, http.PwmSessionWrapper, {OQJGB} setting java servlet session timeout to 50m due to Setting Settings ⇨ Application ⇨ Application ⇨ Idle Timeout Seconds
2025-04-11T14:00:26.814+02:002025-04-11T12:00:26Z, TRACE, filter.RequestInitializationFilter, {OQJGB} user locale set to 'en' [85.86.87.88]
2025-04-11T14:00:26.814+02:002025-04-11T12:00:26Z, TRACE, http.PwmRequest, {OQJGB} GET request for: / (no params) [85.86.87.88]
2025-04-11T14:00:26.814+02:002025-04-11T12:00:26Z, TRACE, filter.SessionFilter, {OQJGB} http non-secure request headers: [85.86.87.88]
2025-04-11T14:00:26.814+02:00 host='
passwordmanager.dev.example.com'
2025-04-11T14:00:26.814+02:00 user-agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
135.0.0.0 Safari/537.36'
2025-04-11T14:00:26.814+02:00 accept='text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
2025-04-11T14:00:26.814+02:00 accept-encoding='gzip, deflate, br, zstd'
2025-04-11T14:00:26.814+02:00 accept-language='cs-CZ,cs;q=0.9'
2025-04-11T14:00:26.814+02:00 cache-control='max-age=0'
2025-04-11T14:00:26.814+02:00 dnt='1'
2025-04-11T14:00:26.814+02:00 referer='
https://login.microsoftonline.com/'
2025-04-11T14:00:26.814+02:00 sec-ch-ua='"Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"'
2025-04-11T14:00:26.814+02:00 sec-ch-ua-mobile='?0'
2025-04-11T14:00:26.814+02:00 sec-ch-ua-platform='"macOS"'
2025-04-11T14:00:26.814+02:00 sec-fetch-dest='document'
2025-04-11T14:00:26.814+02:00 sec-fetch-mode='navigate'
2025-04-11T14:00:26.814+02:00 sec-fetch-site='cross-site'
2025-04-11T14:00:26.814+02:00 server-timing='intid;desc=20eca66f9043ebb0'
2025-04-11T14:00:26.814+02:00 traceparent='00-000000000000000020eca66f9043ebb0-7aaf783820536a7a-01'
2025-04-11T14:00:26.814+02:00 tracestate='in=20eca66f9043ebb0;7aaf783820536a7a'
2025-04-11T14:00:26.814+02:00 upgrade-insecure-requests='1'
2025-04-11T14:00:26.814+02:00 x-appgw-trace-id='9b4d4661a56aae7aab0ce168b3539241'
2025-04-11T14:00:26.814+02:00 x-forwarded-for='85.86.87.88,
104.45.77.142:4945, 10.143.40.7'
2025-04-11T14:00:26.814+02:00 x-forwarded-host='
passwordmanager.dev.example.com'
2025-04-11T14:00:26.814+02:00 x-forwarded-port='443'
2025-04-11T14:00:26.814+02:00 x-forwarded-proto='https'
2025-04-11T14:00:26.814+02:00 x-forwarded-server='traefik-69bd47d458-2hcw4'
2025-04-11T14:00:26.814+02:00 x-instana-l='1'
2025-04-11T14:00:26.814+02:00 x-instana-s='7aaf783820536a7a'
2025-04-11T14:00:26.814+02:00 x-instana-t='20eca66f9043ebb0'
2025-04-11T14:00:26.814+02:00 x-ms-proxy='AzureAD-Application-Proxy'
2025-04-11T14:00:26.814+02:00 x-original-host='
passwordmanager.dev.example.com'
2025-04-11T14:00:26.814+02:00 x-original-url='/'
2025-04-11T14:00:26.814+02:00 x-real-ip='10.143.40.7'
2025-04-11T14:00:26.814+02:00 l5d-client-id='traefik-ingress-controller.ingresscontrollers.serviceaccount.identity.linkerd.cluster.local'
2025-04-11T14:00:26.814+02:002025-04-11T12:00:26Z, TRACE, filter.SessionFilter, {OQJGB} session has not been validated, redirecting with verification key to /?stickyRedirectTest=key [85.86.87.88]
2025-04-11T14:00:26.815+02:002025-04-11T12:00:26Z, TRACE, state.CryptoCookieLoginImpl, {OQJGB} wrote LoginInfoBean={"a":false,"p":"*hidden*","t":"UNAUTHENTICATED","af":[],"rq":"2025-04-11T12:00:26Z","g":"m9cqjj6hYKXUV2RXmyFbUbNTNazRhNs0ya9OkHHUCKxtusmWdplOeQupBV7HKDEKpc0Wr64D","c":0,"lf":[]} [85.86.87.88]
2025-04-11T14:00:26.815+02:002025-04-11T12:00:26Z, TRACE, http.PwmResponse, {OQJGB} sending 302 redirect to /?stickyRedirectTest=key [85.86.87.88]
2025-04-11T14:00:26.936+02:002025-04-11T12:00:26Z, TRACE, http.HttpEventManager, new http session created
2025-04-11T14:00:26.936+02:002025-04-11T12:00:26Z, TRACE, http.PwmSession, created new session
2025-04-11T14:00:26.936+02:002025-04-11T12:00:26Z, TRACE, http.PwmSessionWrapper, {vZJeP} setting java servlet session timeout to 50m due to Setting Settings ⇨ Application ⇨ Application ⇨ Idle Timeout Seconds
2025-04-11T14:00:27.048+02:002025-04-11T12:00:27Z, TRACE, filter.RequestInitializationFilter, {vZJeP} user locale set to 'en' [85.86.87.88]
2025-04-11T14:00:27.048+02:002025-04-11T12:00:27Z, TRACE, http.PwmRequest, {vZJeP} GET request for: / [85.86.87.88]
2025-04-11T14:00:27.048+02:00 stickyRedirectTest='key'
2025-04-11T14:00:27.048+02:002025-04-11T12:00:27Z, TRACE, filter.SessionFilter, {vZJeP} http non-secure request headers: [85.86.87.88]
2025-04-11T14:00:27.048+02:00 host='
passwordmanager.dev.example.com'
2025-04-11T14:00:27.048+02:00 user-agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
135.0.0.0 Safari/537.36'
2025-04-11T14:00:27.048+02:00 accept='text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
2025-04-11T14:00:27.048+02:00 accept-encoding='gzip, deflate, br, zstd'
2025-04-11T14:00:27.048+02:00 accept-language='cs-CZ,cs;q=0.9'
2025-04-11T14:00:27.048+02:00 cache-control='max-age=0'
2025-04-11T14:00:27.048+02:00 dnt='1'
2025-04-11T14:00:27.048+02:00 referer='
https://login.microsoftonline.com/'
2025-04-11T14:00:27.048+02:00 sec-ch-ua='"Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"'
2025-04-11T14:00:27.048+02:00 sec-ch-ua-mobile='?0'
2025-04-11T14:00:27.048+02:00 sec-ch-ua-platform='"macOS"'
2025-04-11T14:00:27.048+02:00 sec-fetch-dest='document'
2025-04-11T14:00:27.048+02:00 sec-fetch-mode='navigate'
2025-04-11T14:00:27.048+02:00 sec-fetch-site='cross-site'
2025-04-11T14:00:27.048+02:00 server-timing='intid;desc=47d6a5a4a6f0af2e'
2025-04-11T14:00:27.049+02:00 traceparent='00-000000000000000047d6a5a4a6f0af2e-1b3815e4bab6a985-01'
2025-04-11T14:00:27.049+02:00 tracestate='in=47d6a5a4a6f0af2e;1b3815e4bab6a985'
2025-04-11T14:00:27.049+02:00 upgrade-insecure-requests='1'
2025-04-11T14:00:27.049+02:00 x-appgw-trace-id='0b10d4dd0b2ac2231bf805b36ca1a169'
2025-04-11T14:00:27.049+02:00 x-forwarded-for='85.86.87.88,
104.45.77.142:4945, 10.143.40.7'
2025-04-11T14:00:27.049+02:00 x-forwarded-host='
passwordmanager.dev.example.com'
2025-04-11T14:00:27.049+02:00 x-forwarded-port='443'
2025-04-11T14:00:27.049+02:00 x-forwarded-proto='https'
2025-04-11T14:00:27.049+02:00 x-forwarded-server='traefik-69bd47d458-2hcw4'
2025-04-11T14:00:27.049+02:00 x-instana-l='1'
2025-04-11T14:00:27.049+02:00 x-instana-s='1b3815e4bab6a985'
2025-04-11T14:00:27.049+02:00 x-instana-t='47d6a5a4a6f0af2e'
2025-04-11T14:00:27.049+02:00 x-ms-proxy='AzureAD-Application-Proxy'
2025-04-11T14:00:27.049+02:00 x-original-host='
passwordmanager.dev.example.com'
2025-04-11T14:00:27.049+02:00 x-original-url='/?stickyRedirectTest=key'
2025-04-11T14:00:27.049+02:00 x-real-ip='10.143.40.7'
2025-04-11T14:00:27.049+02:00 l5d-client-id='traefik-ingress-controller.ingresscontrollers.serviceaccount.identity.linkerd.cluster.local'
2025-04-11T14:00:27.049+02:002025-04-11T12:00:27Z, TRACE, filter.SessionFilter, {vZJeP} session validated, redirecting to original request url: / [85.86.87.88]
2025-04-11T14:00:27.049+02:002025-04-11T12:00:27Z, TRACE, state.CryptoCookieLoginImpl, {vZJeP} wrote LoginInfoBean={"a":false,"p":"*hidden*","t":"UNAUTHENTICATED","af":[],"rq":"2025-04-11T12:00:27Z","g":"m9cqjjg8EajYOFTykgrd3oDXq0lMI2VnDjWWzbgvizbQC54WGyLPjLHf5HChNULE9pOElzY1","c":0,"lf":[]} [85.86.87.88]
2025-04-11T14:00:27.049+02:002025-04-11T12:00:27Z, TRACE, http.PwmResponse, {vZJeP} sending 302 redirect to / [85.86.87.88]
What is not clear to me is that if I click in the address bar and press enter during these endless redirections, I can get into the application.
Dne pátek 11. dubna 2025 v 2:22:14 UTC+2 uživatel Jason Rivard napsal: