Posts Tagged ‘chrome’

HTTP Status 408 errors, SSL, Tomcat

September 27, 2018 Leave a comment

It took me a while to find the root cause of a problem logging into a web site running Tomcat from FireFox. I thought, this post would help others to find the root cause quickly and prevent this problem in the future when you design web applications.

If I enter a wrong username/password pair, it responds with a correct error. However, when I use the correct pair, I get “HTTP Status 408 – Request Timeout”. My search on Google returned a lot of results, but not helpful at all. Using Chrome from a different machine did not trigger this problem. So Firefox became the culprit.

Using the Web Developer Inspector I noticed that the original JSESSIONID cookie was not submitted back to j_security_check. I thought this is because I was using HTTPS and the cookie was “HttpOnly” with no “Secure”. That appeared to be a red herring.

The root cause was actually very simple. The second level domain set too many cookies, above the 4096 bytes limit. Tomcat was hosted behind a load balancer with a third level domain bound to it. For Chrome this limit seems to be higher. So the solution was to delete those second level domain cookies in FireFox (Click on the site information icon (“i” in a circle) in the address bar, chick on “>” and then “More Information”. Choose the “Security” tab, “View Cookies”. Select the cookies you want to delete. Use the Shift key if you want to delete more than 1. Then click “Remove Selected”).

How to prevent this problem in the future? If you have control on cookies set by a server handling your site on the second level domain and have subdomains, limit the size and the number of cookies that server sets. There is nastier problem lurking here. Suppose, you had enough to store just the JSESSIONID cookie and you hit the limit. Then if you attempt to set other cookies, the browser would quietly drop them on the floor and your web application might malfunction. One way to solve it is actually to check whether you get the cookie you just set. If your application did not get it back and your cookie is critical for your application, show a user-friendly page with an instruction how to clear cookies.


Chrome Browser History By Date

April 29, 2014 Leave a comment

If you do not want to install any extensions or plug-ins, there is a way how you can browse your browser history faster. The history frame has the following URL: chrome://history-frame/#page=N, where N is the page number. For example, chrome://history-frame/#page=24. From here you can just try to do a binary search.