Hi, When / what are the conditions when a JSESSIOINID is created? Is it per a domain? For instance, if I have a Tomcat app server, and I deploy multiple web applications, will a different JSESSIONID be created per context (web application), or is it shared across web applications as long as they are the same domain? ...
I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the user previously access application. This is because of JSESSIONID cookie conflict. One possible solution is to run each applications in diff...
Hi Gurus, Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly. Please Advise Thanks ...
I've got some strange bug: when I open page first time in some browser all references has jsessionid parameter (like <a href="/articles?name=art&jsessionid=5as45df4as5df"..>). When I press F5 or refresh the page by any other ways all that stuff is disappeared and everything works fine until I close my browser (and all tabs should be clo...
We need to ensure that all cookies on a CF7 site are set as HttpOnly. We are using jsessionid to control our sessions, and JRun does not create this as HttpOnly. Whilst it is possible to modify an existing cookie to add this setting, we need to have it set to HttpOnly from the start. Any suggestions? Related Question: Setting Secure...
We have a site running on CF7 that has both logged in and logged out sections, and uses jsessionid for sessions. When switching to HTTPS (for the secure sections), we need to start a new secure session, setting the 'Secure' flag on the jsessionid cookie. Whilst JRun has an option for setting 'Secure' it appears to be an all-or-nothing ...
Is possible to switch off session tracking in Tomcat 6. I mean, to avoid the creation of the cookie JSESSIONID. Thanks Luis ...
Im trying to login to a website (www.vodafone.ie) with a console app and c# httpWebRequest. Problem is it works ok about 50% of the time. Im using fiddler to find out the GET and POST requests I need to make. Done that and my app is successfully recreating these as best as I can see. The steps are; 1) GET request with cookie container ...
Hello, Looking for someone to either confirm or refute my theory that deploying two iframes pointing to two different stateful pages on the same domain can lead to JSESSIONIDs being overwritten. Here's what I mean: Setup suppose you have two pages that require HttpSession state (session affinity) to function correctly - deployed at h...
Сould you please tell me how to place the session identifier into the cookie, if you are working with google app engine. Thanks. ...
In my application I had a list of books. For each book there is a dynamically created link something like: http://interestingpage.com/searchBook.html?isbn=bookISBN after it's clicked the user is moved to that page. Owners of that page has decided to change the method of posting form for searching book and it now uses something like: ...
Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on user's login? Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent situation, when same user can ...
Situation: I have a "dumb" Javascript frontend that can contact some kind of SSO middleware (MW). The MW can obtain sessions by issuing requests that contain authentication credentials (username, password). I.e. the session will be created for a certain user. My frontend needs to "restart" the session to gain the user's permissions to t...
I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use setHttpOnly(). First I tried to create my own JSESSIONID cookie from within the servlet's doPost() by using response.setHeader(). When that didn't work, I tried response.addHeader(). That didn't work either. Then, I learned...
We have one web application that is being built to serve multiple regional web site TLDs. In addition, the web application also supports thousands of dynamic subdomains. Examples include: www.example.com www.example.co.uk www.example.com.ar fred123.example.co.uk <== Thousands of this form fred123.p.example.us <== Thousands of this f...
Hi everyone, I'm accessing a server's secure information and it sends a bunch of cookies to the App on request. The problem is some of the cookies are session only and when I use: [NSHTTPCookie requestHeaderFieldsWithCookies:[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:[NSURL URLWithString:theCookie]] it doesn't retur...
Hi, I am facing a problem with setting the JSESSIONID path. In firefox it is set to / which is alright but in safari and IE it is somehow set to %22%22 so i am unable to login using safari and firefox. I am using tomcat 7 and spring security in backend. Any help in this regard will be highly appreciated. ...
Hi, Our application runs on JBOSS and its front end on Apache. When accessign the URL externally, the JSESSIONID displays the servername within the Content property of the cookie. Any ideas how this can be removed??? Thanks, ...
Server:jboss 4.2.3. I have this task to implement. After user login, keep the existing session object but create new session id and set it to that object. I'm working on a Valve class [org.apache.catalina.valves.ValveBase] to acheive this. here is my code. import org.apache.catalina.connector.Request; import org.apache.catalina.connecto...