Details
Major Description
Background
We are using ActiveMQ's HTTP transport to connect to brokers hosted in AWS, behind a load balancer.
This transport requires a sticky session (i.e. session affinity) because of the local map of clients in HttpTunnelServlet.clients
AWS's classic load balancer sends sticky session cookies with the max-age attribute:
AWSELB=2DC7[...]F155;PATH=/;MAX-AGE=36000
Whereas AWS's new application load balancer, which supports a web application firewall (WAF), uses the Expires attribute:
AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/
As of RFC 6265 both max-age and Expires are valid attributes.
Issue
Apache HTTP Client 4.5.2 defaults to a cookie policy of best-match. When the AWSALB cookie is received, the cookie is not handled and the ActiveMQ log contains the following:
2017-01-19 12:23:58,185 | WARN | Invalid cookie header: "Set-Cookie: AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/". Invalid 'expires' attribute: Tue, 27 Dec 2016 09:31:43 GMT | org.apache.http.client.protocol.ResponseProcessCookies | main
Solution
The solution is to change the cookie policy in HttpClientTransport.createHttpClient():
HttpClientParams.setCookiePolicy(params, CookiePolicy.BROWSER_COMPATIBILITY);
Patch attached.