#27926 closed defect (fixed)

Session cookie being set on `metrics.torproject.org`

Reported by: modik
Owned by: metrics-team
Priority: Medium
Component: Metrics/Website
Severity: Normal

Description

Visiting metrics.torproject.org sets a session cookie. It does not look harmful, but if there is no use for the cookie, then avoiding it altogether would be a good thing.

Attachments (1)

cookie-metrics-torproject.png (61.3 KB) - added by modik 22 months ago.

Change History (5)

Changed 22 months ago by modik

comment:1 Changed 22 months ago by karsten

Here's a possible, semi-tested patch that I'm going to test more next week:

@@ -22,6 +22,11 @@
         <New class="org.apache.tomcat.util.scan.StandardJarScanner" />
       </Arg>
     </Call>
+    <Get name="sessionHandler">
+      <Get name="sessionManager">
+        <Set name="usingCookies" type="boolean">false</Set>
+      </Get>
+    </Get>
   </New>
 
   <Call class="org.eclipse.jetty.webapp.Configuration$ClassList" name="setServerDefault">
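
Review bot: The added `<Set name="usingCookies" type="boolean">false</Set>` only stops the session ID from travelling in a cookie; nothing in this hunk stops the webapp from creating sessions, so the container can still allocate one per visitor and may fall back to carrying the ID in rewritten URLs (`;jsessionid=...`). After deploying, check that no `jsessionid` path parameter shows up in generated links or redirects, and if it does, turn off URL rewriting or session creation as well. A short XML comment above `<Get name="sessionHandler">` stating why cookies are disabled would also help anyone copying this block into another deployment descriptor.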

We'll probably want to do the same on ExoneraTor and Onionoo.

comment:2 Changed 22 months ago by karsten

Status: new → needs_information

Pushed and deployed.

modik, mind checking again?

comment:3 Changed 22 months ago by irl

I no longer see any session cookie there. (:

comment:4 Changed 22 months ago by karsten

Resolution: fixed
Status: needs_information → closed

Great! Closing. Thanks!
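
One way to script the re-check requested in comment:2, as an added example that is not part of the ticket or of the Tor Metrics code: it inspects a raw HTTP response for cookies and for session IDs carried in rewritten URLs. The cookie name `JSESSIONID`, the `;jsessionid=` path parameter (servlet-container defaults) and the sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import BytesParser
from http.cookies import SimpleCookie

# Assumption: servlet-container default path parameter used for URL rewriting.
URL_REWRITE = re.compile(rb";jsessionid=[\w.\-]+", re.I)


def audit_response(raw: bytes) -> list:
    """Return findings for one raw HTTP response (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    _status, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    findings = []
    for value in headers.get_all("Set-Cookie", []):
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            # No Expires/Max-Age means the cookie lasts for the browser session.
            kind = "persistent" if morsel["expires"] or morsel["max-age"] else "session"
            findings.append(f"{kind}-cookie:{name}")
    # With cookies turned off, a container may put the ID into links instead.
    location = (headers.get("Location") or "").encode("ascii", "ignore")
    if URL_REWRITE.search(location) or URL_REWRITE.search(body):
        findings.append("url-rewrite:jsessionid")
    return findings


# Constructed sample responses (not captured from any real site).
BEFORE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Set-Cookie: JSESSIONID=node0exampleid.node0; Path=/\r\n\r\n"
          b'<a href="/page.html">page</a>')
REWRITTEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b'<a href="/page.html;jsessionid=node0exampleid.node0">page</a>')
CLEAN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         b'<a href="/page.html">page</a>')

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("rewritten", REWRITTEN), ("clean", CLEAN)):
        print(label, audit_response(raw))
```

An empty list means the response neither sets a cookie nor leaks a session ID into its links or redirect target.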