ViewExpiredException on a WildFly-served webapp only in a particular webbrowser

Question

I have a jsf application running on Wildfly 8.1.0Final and, ONLY in Google Chrome, when I click on the Login button, i receive ViewExpiredException, in others browsers, or i

Answer 1

WildFly in its current version 8.1 has trouble with (session) cookies, particularly those originating from "unknown" servers. You probably already know that cookies are domain specific and are everytime sent back to the server by the browser. If you've previously used the same browser on exactly the same domain which is served by a different server (e.g. Tomcat, JBoss, GlassFish, etc), and the cookie in question happens to be the JSESSIONID cookie, then WildFly will be unable to properly create the HTTP session.

It'll work if you trash all domain-specific (localhost) cookies before opening the webapp. Or, as you correctly observed, if you open an Incognito window (which basically starts with a crisp and clean state), or when the cookies are already expired for long (those other browsers are very rarely used, right?). As a temporary workaround without needing to fiddle around in browser's cookie store, you could also create a servlet filter which checks for duplicate request cookies and trash them.

WildFly has another problem with session cookies, by the way. When it creates the session cookie for the first time, it doesn't use the / path, but an empty string as path (which basically translates to the current folder instead of the root folder). This has the consequence that when you visit the webapp for the first time by requesting a folder path, then the parent/root folder(s) wouldn't share the same session. This part is in turn workaroundable with the following setting in web.xml:

<session-config>
    <cookie-config>
        <path>/</path>
    </cookie-config>
</session-config>

See also:

• Experiences migrating JBoss AS 7 to WildFly 8