Vaadin session expired immediately

Question

I have a simple vaadin application created from an achetype. The page with button is loaded but when you click it, session is already expired. This problem occurs just only under this conditions:

• session is https
• browsert is IE 11.0.14393.0 (after Windows 10 Aniversary Update 1607)
• SPNEGO is used

Server is WildFly 10.1.0.Final

Other browsers (EDGE, Firefox, Chrome) works fine. Before Aniversary update the IE 11 worked as well.

I know it is not enough information but I don't know what can be important. Can you point me what should I check / should I do?

I haven't find anything strange at logs and communication. I'm guessing there will be something wrong with a session but I can not find what is bad :-(

Answer 1

The problem is caused by the internally generated request for favicon. This request is generated internally by IE and uses wrong session ID (jsessionID). Server creates a new session and answers with its ID. Unfortunately the IE then uses this new session ID for other requests. Other browsers (and previous IE version) correctly use the original jsessionID and do not the one that is returned as a response to the internally generated favicon request.

Solution: I have changed the favicon links within my application and pointed them outside of the secured server area.

            @Override
            public void modifyBootstrapPage(BootstrapPageResponse response) {
                // FIX for IE11 at Windows 10 after anniversary update
                response.getDocument().head().getElementsByAttributeValue("rel", "shortcut icon").attr("href", "/static/favicon.ico");
                response.getDocument().head().getElementsByAttributeValue("rel", "icon").attr("href", "/static/favicon.ico");
            }