I've been working on GEODE-2539 to upgrade Jetty to the latest version. But I've run in to some snags.
The last version that appears to work with Geode without any changes is 9.3.11. In 9.3.12, they made a change to add cookies rather than replace, so some of our tests failed due to two JSESSION cookies being present. Also, they modified the session timeout to default to 0, causing sessions to instantly time out if this isn't set. Also, 9.3.12 dropped support for TLS 1.1 (Jetty Issue #890). Further, in Jetty 9.4, they've changed the API, preferring SessionHander over SessionManager. I'm comfortable with upgrading Jetty from 9.3.6 to 9.3.11, but I think I need a lot of help from those more familiar with Geode communications to move further.
