Log session cookies in metadata (#2703)

There are two session cookies, JSESSIONID, which is set by Jetty, and GCLB, which is set by the Gateway. In one session, every request other than the first one (the <hello>) should have the same GCLB value, and every request after a successful <login> should have the same JSESSIONID. With these two metadata, we should be able to trace all requests that *should* belong to the same session and debug issues with session mismatch (if any).
2025-12-23 06:15:42 +00:00 · 2025-03-04 15:18:15 -05:00
parent fa54c26ee2
commit a3f510d0db
3 changed files with 68 additions and 8 deletions
--- a/core/src/main/java/google/registry/module/RegistryServlet.java
+++ b/core/src/main/java/google/registry/module/RegistryServlet.java
@@ -16,10 +16,14 @@ package google.registry.module;

 import static google.registry.util.GcpJsonFormatter.setCurrentRequest;
 import static google.registry.util.GcpJsonFormatter.setCurrentTraceId;
+import static google.registry.util.GcpJsonFormatter.setLabel;
 import static google.registry.util.GcpJsonFormatter.unsetCurrentRequest;
+import static google.registry.util.GcpJsonFormatter.unsetLabels;
 import static google.registry.util.RandomStringGenerator.insecureRandomStringGenerator;
 import static google.registry.util.StringGenerator.Alphabets.HEX_DIGITS_ONLY;

+import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableSet;
 import com.google.monitoring.metrics.MetricReporter;
 import dagger.Lazy;
 import google.registry.request.RequestHandler;
@@ -30,6 +34,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.Optional;
 import java.util.logging.ConsoleHandler;
 import java.util.logging.Handler;
 import java.util.logging.Level;
@@ -48,6 +53,9 @@ public class RegistryServlet extends ServletBase {
  private static final RequestHandler<RequestComponent> requestHandler = component.requestHandler();
  private static final Lazy<MetricReporter> metricReporter = component.metricReporter();

+  // The names of the session cookies to log.
+  private static final ImmutableSet<String> COOKIES_TO_LOG = ImmutableSet.of("JSESSIONID", "GCLB");
+
  private final String projectId;

  static {
@@ -74,11 +82,20 @@ public class RegistryServlet extends ServletBase {
    String userAgent = String.valueOf(req.getHeader("User-Agent"));
    String protocol = req.getProtocol();
    setCurrentRequest(requestMethod, requestUrl, userAgent, protocol);
+    Optional<String> maybeCookie = Optional.ofNullable(req.getHeader("Cookie"));
+    if (maybeCookie.isPresent() && !maybeCookie.get().isEmpty()) {
+      // GCLB sets the value with a leading and trailing double quote.
+      String cookie = maybeCookie.get().replace("\"", "");
+      Splitter.on(';').trimResults().withKeyValueSeparator('=').split(cookie).entrySet().stream()
+          .filter(e -> COOKIES_TO_LOG.contains(e.getKey()))
+          .forEach(e -> setLabel(e.getKey(), e.getValue()));
+    }
    try {
      super.service(req, rsp);
    } finally {
      setCurrentTraceId(null);
      unsetCurrentRequest();
+      unsetLabels();
    }
  }