Reports: "ApiError" "invalid cookie domain/n"

1. Describe your incident:
After upgrading Graylog 4.2.20 to 4.3.1, Reports are not generating.

2. Describe your environment:

  • OS Information: Ubuntu 18.04

  • Package Version: Current is 4.3.5, Elasticsearch 7.10.2, openjdk-17

  • Message on browser page when running a report*
    {“type”:“ApiError”,“message”:“invalid cookie domain\n (Session info: headless chrome=96.0.4664.110)\nBuild info: version: ‘4.1.2’, revision: ‘9a5a329c5a’\nSystem info: host: ‘Graylog-xxx’, ip: ‘xxx.xxx.xxx.xxx’, os.name: ‘Linux’, os.arch: ‘amd64’, os.version: ‘4.15.0-191-generic’, java.version: ‘17.0.4’\nDriver info: org.openqa.selenium.chrome.ChromeDriver\nCommand: [6e3dc1f73fcf94088c33871c123b64df, addCookie {cookie=authentication=**********; path=/;secure;}]\nCapabilities {acceptInsecureCerts: false, browserName: chrome, browserVersion: 96.0.4664.110, chrome: {chromedriverVersion: 96.0.4664.110 (d5ef0e8214bc…, userDataDir: /var/lib/graylog-server/rep…}, goog:chromeOptions: {debuggerAddress: localhost:36849}, javascriptEnabled: true, networkConnectionEnabled: false, pageLoadStrategy: normal, platform: LINUX, platformName: LINUX, proxy: Proxy(), se:cdp: ws://localhost:36849/devtoo…, se:cdpVersion: 96.0.4664.110, setWindowRect: true, strictFileInteractability: false, timeouts: {implicit: 0, pageLoad: 300000, script: 30000}, unhandledPromptBehavior: dismiss and notify, webauthn:extension:credBlob: true, webauthn:extension:largeBlob: true, webauthn:virtualAuthenticators: true}\nSession ID: 6e3dc1f73fcf94088c33871c123b64df\nBuild info: version: ‘4.1.2’, revision: ‘9a5a329c5a’\nSystem info: host: ‘Graylog-xxx’, ip: ‘xxx.xxx.xxx.xxx’, os.name: ‘Linux’, os.arch: ‘amd64’, os.version: ‘4.15.0-191-generic’, java.version: ‘17.0.4’\nDriver info: driver.version: unknown”}

3. What steps have you already taken to try and solve the problem?
Beyond searching for an answer, I have only updated to subsequent Graylog versions hoping it would be fixed.

4. How can the community help?
Does anyone have an idea what could cause this?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

“Invalid Cookie Domain” - did anything change with certs or host names? Its also possible you need a browser tab refresh (Shift-F5)

There were no host name changes or cert changes. I’ve done browser refreshes and tried two different browsers (Edge and Chrome).

The only change before this started was the upgrade to 4.3.1. I had not updated to 4.3.0. The only other change at the time was updating the openjdk from 8 to 17. However, this was after the first instance of the report not working, according to my records. I am basing this on the date of the first failed report and an email exchange with a co-worker discussing what might be needed to make the change. It is true that I forgot to record the exact date of that change, but due to the date on the email it had to have been after the first railed report.

I did try to create a fresh report, but the same thing happened. All reports result in the same error.

Thanks you.

Watch the Graylog server log when the report is created and watch for anomalies… hmmmm…

Version 4.3.4 includes a new config option for self-signed TLS certificates that could help:
https://docs.graylog.org/docs/changelog-graylog#graylog-operations-434

2 Likes

Thank you for the replies. I’ve not had a chance to get back to this.
Graylog Report Error.pdf (119.4 KB)

@tmacgbay: I’ve uploaded a printout of the log when a report is run. Could it be the Java version (using 17)? Maybe I have my timeline of changes wrong.

@patrickmann I see that setting in the change log, but not in the server.conf file. However, the certs that I’m using are from our enterprise CA, and that is trusted by Graylog. Would that still be a possible issue?

Thank you.

Thought it might be better to just past the log here:
2022-08-25T11:27:13.782-07:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
org.openqa.selenium.WebDriverException: invalid cookie domain
(Session info: headless chrome=96.0.4664.110)
Build info: version: ‘4.1.2’, revision: ‘9a5a329c5a’
System info: host: ‘Graylog-xxx’, ip: ‘xxx.xxx.xxx.xxx’, os.name: ‘Linux’, os.arch: ‘amd64’, os.version: ‘4.15.0-191-generic’, java.version: ‘17.0.4’
Driver info: org.openqa.selenium.chrome.ChromeDriver
Command: [0a3f7392907b2aae8ac333b86405c01f, addCookie {cookie=authentication=**********; path=/;secure;}]
Capabilities {acceptInsecureCerts: false, browserName: chrome, browserVersion: 96.0.4664.110, chrome: {chromedriverVersion: 96.0.4664.110 (d5ef0e8214bc…, userDataDir: /var/lib/graylog-server/rep…}, goog:chromeOptions: {debuggerAddress: localhost:45235}, javascriptEnabled: true, networkConnectionEnabled: false, pageLoadStrategy: normal, platform: LINUX, platformName: LINUX, proxy: Proxy(), se:cdp: ws://localhost:45235/devtoo…, se:cdpVersion: 96.0.4664.110, setWindowRect: true, strictFileInteractability: false, timeouts: {implicit: 0, pageLoad: 300000, script: 30000}, unhandledPromptBehavior: dismiss and notify, webauthn:extension:credBlob: true, webauthn:extension:largeBlob: true, webauthn:virtualAuthenticators: true}
Session ID: 0a3f7392907b2aae8ac333b86405c01f
Build info: version: ‘4.1.2’, revision: ‘9a5a329c5a’
System info: host: ‘Graylog-xx’, ip: ‘xxx.xxx.xxx.xxx’, os.name: ‘Linux’, os.arch: ‘amd64’, os.version: ‘4.15.0-191-generic’, java.version: ‘17.0.4’
Driver info: driver.version: unknown
at org.graylog.plugins.report.render.ReportRenderer.createFilteredWebDriverException(ReportRenderer.java:44) ~[?:?]
at org.graylog.plugins.report.render.ReportRenderer.renderReport(ReportRenderer.java:55) ~[?:?]
at org.graylog.plugins.report.render.ReportRenderer.fetchPdf(ReportRenderer.java:65) ~[?:?]
at org.graylog.plugins.report.rest.ReportResource.generateReport(ReportResource.java:254) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391) ~[graylog.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80) ~[graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) [graylog.jar:?]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) [graylog.jar:?]
at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:356) [graylog.jar:?]
at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]

Same thing - if you have a self signed cert, look into allowing it per @patrickmann’s post - you may have to re-set the cert in java?

Here is a little more on what that error is: Invalid cookie domain - WebDriver | MDN

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.