Session Cookie JSESSIONID - can this be re-named?

Similar Messages

• Session cookie - Servername info - can it be done in the application code

  HI all,
  Scenario:
  2 managed servers in a cluster. Application is deployed on the cluster.
  Requirement:
  Application needs to send a cookie to the user with server info.
  Question is regarding session cookies. Can the application retrieve the server name (for example ManagedServer1) from which that request has been processed and send to the user in the cookie.?
  Request->process->Response with cookie containig the server name it was process by.
  Can it be done in the application code?
  /SR
  Edited by: Shashi_sr on Feb 4, 2011 4:37 AM

  Hi SR,
  You can get the server name using the following technique:
  /* Getting the Server name from System Property */
  String  serverName=System.getProperty("weblogic.Name");
  /* Adding the value of the Server Name in the Cookie*/
  response.addCookie("serverName",serverName);Like you can see by yourself using the JPS utility how WLS sets its server name as a system property using the following link
  Topic: Using Jps.exe to distinguish WLS ProcessIDs And Server Name
  http://middlewaremagic.com/weblogic/?p=2291
  Regards,
  Ravish Mody
  http://middlewaremagic.com/weblogic/
  Come, Join Us and Experience The Magic…

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• Enable secure session cookie on Sun ONE Web Server 6.1

  How can I enable secure session cookie (JSESSIONID) on Sun ONE Web Server 6.1?.
  For 6.0 is <session-cookie is-secure="true"/> inside the <web-app> tags in web-apps.xml but I'm not able to find this setting for 6.1.

  There is a fix in 6.1sp5 that enables the session cookie to be marked as secure.
  See the release notes and search for 6262885 under Issues Resolved in 6.1sp5:
  http://docs.sun.com/app/docs/doc/819-2479/6n4p1bdea?a=view

• Session Cookies Being Overwritten Browsing From SSL to Non SSL

  I have created a bug report for this issue as well.
  Please note I am using J2EE session variables so keep that in mind.
  I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
  For example:
  Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
  Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
  Here's the problem:
  Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
  Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
  Steps to Reproduce:
  1. Clear your cookies.
  2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
  3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
  This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
  Has anyone else experience this?

  Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

• How to secure session cookie

  Iam using iPlanet 6.0SP6 in NT 4.0.
  I would like to make the session cookie JSESSIONID to be transfer only on secure connection.
  Then, I make the change to web-apps.xml as below
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
       "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
  <vs>
  <session-cookie is-secure="true"></session-cookie>
  </vs>
  After that, I restart the iplanet web server and load the page with I.E. again. I see that the cookie is still passed with non-secure mode.
  Is there any wrong with my web-apps.xml?

  Janice,
  Thanks for your help.
  When I use the below web-apps.xml, I can make the cookie in secure session.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
       "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
  <vs>
  <web-app uri="/" dir="d:/java/docroot" enable="true">
  <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
  <init-param>
  <param-name>maxSessions</param-name>
  <param-value>16000</param-value>
  </init-param>
  <init-param>
  <param-name>timeOut</param-name>
  <param-value>7200</param-value>
  </init-param>
  <init-param>
  <param-name>reapInterval</param-name>
  <param-value>30</param-value>
  </init-param>
  <init-param>
  <param-name>maxValueSize</param-name>
  <param-value>8192</param-value>
  </init-param>
  </session-manager>
  <session-cookie is-secure="true"/>
  </web-app>
  </vs>
  However, when I configure more on the web applicaiton with the web.xml, I check that the cookie no more secure.
  THe web.xml is
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <display-name>Trade Info Exchange</display-name>
  <description>
  Trade Info Exchange
  </description>
  <!-- Define servlets that are included in the example application -->
  <servlet>
  <servlet-name>Login</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Login</servlet-name>
  <url-pattern>/Login</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Fmenu</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Fmenu</servlet-name>
  <url-pattern>/Fmenu</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Fcontent</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Fcontent</servlet-name>
  <url-pattern>/Fcontent</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Express</servlet-name>
  <servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Express</servlet-name>
  <url-pattern>/EXPRESS2</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>AppControl</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>AppControl</servlet-name>
  <url-pattern>/AppControl</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>errorPage</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>errorPage</servlet-name>
  <url-pattern>/errorPage</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>LoginFail</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>LoginFail</servlet-name>
  <url-pattern>/LoginFail</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Logout</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Logout</servlet-name>
  <url-pattern>/Logout</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ChangePwdWarning</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ChangePwdWarning</servlet-name>
  <url-pattern>/ChangePwdWarning</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ChangePwd</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ChangePwd</servlet-name>
  <url-pattern>/ChangePwd</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ReLoginDialog</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ReLoginDialog</servlet-name>
  <url-pattern>/ReLoginDialog</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackProcessSearch</servlet-name>
  <servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackProcessSearch</servlet-name>
  <url-pattern>/TradeTrackProcessSearch</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackSearchScreen</servlet-name>
  <servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackSearchScreen</servlet-name>
  <url-pattern>/TradeTrackSearchScreen</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackMain</servlet-name>
  <servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/LCIMPORT</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/LCEXPORT</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/COLLIMP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/COLLEXP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/B2BMenu</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/B2BMain</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
  <welcome-file>ctielogin.html</welcome-file>
  </welcome-file-list>
  </web-app>
  Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
  thanks
  samuel poon

• I am loading Magic Jack. The error message I get is "Session cookies have been disabled for your web browser. Please enable session cookies so you can register your device." I have followed you process several times. This advice doesn't work. Pls help

  Session cookies have been disabled for your web browser.
  Please enable session cookies so you can register your device.
  The URL is not specified.

  Session cookies have been disabled for your web browser.
  Please enable session cookies so you can register your device.
  The URL is not specified.

• Can portal session cookies be used between two data centers

  OAS generates the following header information and session information for my application. However when I need to failover the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code.
  See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
  resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
  GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
  Accept: */*\r\n
  Accept-Language: en-us\r\n
  Accept-Encoding: gzip, deflate\r\n
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
  Host: www.thomson-pharma.com\r\n
  Connection: Keep-Alive\r\n
  Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
  \r\n
  HTTP/1.1 503 Service Unavailable\r\n
  Cache-Control: private\r\n
  Content-Type: text/html\r\n
  Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
  Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
  Connection: Keep-Alive\r\n
  Keep-Alive: timeout=5, max=999\r\n
  Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
  Content-Length: 710\r\n
  Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
  \r\n
  Thanks -John

  Hi John,
  This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
  Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
  Regards,
  Peter

• Can we change the name of the cookie - JSESSIONID?

  Can we change the name of the cookie- JSESSIONID?
  for eg.
  Set-Cookie = [ JSESSIONID=6ad8360e0d1af303293f26d98e2a; Version=1; Comment=Sun+ONE+Application+Server+Session+Tracking+Cookie; Path=/]
  can we change it to something like -
  Set-Cookie = [ ServletSession=RkA4OlbgfW; path=/]

  Thankyou Sultal for the response.
  Actually we are migrating the application server from Weblogic5.1 to Sun application server 8.2. The client is a mobile client and it sends the Cookie as 'JSESSIONID=session_id_val&WeblogicSession=session_id_val' as parameters, not as request header.It worked fine for Weblogic5.1 but not in Sun Application Server.
  To make it clear :
  Weblogic           :     request.getsession(false) = sessionObj@value
  Sun Application Server      :     request.getsession(false) = null
  Sun Application Server      :     request.getParameter("JSESSIONID") = session_id_val
  In the Weblogic5.1 we have set the cookie & session parameters in the weblogic.properties file as:
  weblogic.httpd.session.cookies.enable=true
  weblogic.httpd.session.cookie.name=WebLogicSession
  weblogic.httpd.session.neverReadPostData=false
  weblogic.httpd.session.timeoutSecs=120
  In case of Sun application server , JSESSIONID is not coming as a cookie , request.getsession(false) is returning null value.Is there a way to initialize the session with JSESSIONID request parameter?

• When I try to access my online bank account thru Firefox, the session times out. This is on a new Macbook Pro. On my old Macbook Pro I can access the site.

  When I try to access my online bank account thru Firefox, the session times out. This is on a new Macbook Pro. On my old Macbook Pro I can access the site. I know it is probably something in settings but cannot figure it out.

  Hello,
  '''Try Firefox Safe Mode''' to see if the problem goes away. [[Troubleshoot Firefox issues using Safe Mode|Firefox Safe Mode]] is a troubleshooting mode that temporarily turns off hardware acceleration, resets some settings, and disables add-ons (extensions and themes).
  '''If Firefox is open,''' you can restart in Firefox Safe Mode from the Help menu:
  * Click the menu button [[Image:New Fx Menu]], click Help [[Image:Help-29]] and select ''Restart with Add-ons Disabled''.
  '''If Firefox is not running,''' you can start Firefox in Safe Mode as follows:
  * On Windows: Hold the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
  * On Mac: Hold the '''option''' key while starting Firefox.
  * On Linux: Quit Firefox, go to your Terminal and run ''firefox -safe-mode'' <br>(you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
  When the Firefox Safe Mode window appears, select "Start in Safe Mode".
  ;[[Image:SafeMode-Fx35]]
  '''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, theme, or hardware acceleration. Please follow the steps in the [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]] article to find the cause.
  ''To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
  When you figure out what's causing your issues, please let us know. It might help others with the same problem.

• A dialog box tells me i already have firefox running i must close this and or restart computer this is annoying can this be fixed or am i needing better instruction for opening and closing firefox sessions help............

  i have close firefox and tried to log on again i get a box saying firefox is already running, i must close this session before i can log on again confused i don't see the program running in the task manager confused again says i must restart computer in order to log on again. i close firefox by accident seems like this could be resolved easier. vs. restarting computer confused help shows something like firefox exe. confused

  Try to run the Firefox program once as Administrator (right-click: Run as Administrator).
  If that doesn't solve the problem then remove the Firefox program folder to do a clean reinstall.
  * Uninstall your current Firefox version.
  * Do not remove personal data when you uninstall the current version.
  Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
  * It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
  Your bookmarks and other profile data are stored elsewhere in the Firefox Profile Folder and won't be affected by a reinstall, but make sure that you do not select to remove personal data if you uninstall Firefox.

• The "Pin as app tab" produces tabs that do not persist across sessions. I have this problem on two installations, and it's really annoying (since the Permatab Mod no longer works in Ff4). Can you offer any assistance?

  The "Pin as app tab" produces tabs that do not persist across sessions. I have this problem on two installations (PC and laptop, both running Win7), and it's really annoying (since the Permatab Mod no longer works in Ff4). Can you offer any assistance?

  App tabs and Tab Groups (Panorama) are stored as part of the session data in the file sessionstore.js in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder]
  * http://kb.mozillazine.org/Session_Restore
  Make sure that you do not use [[Clear Recent History]] to clear the "Browsing History"

• Can this be done only with Session Beans ?

  Hi all,
  suppose I have an airline web selling ticket application.
  This is the web flow:
  -The user chooses destinations & date
  -The user chooses seats
  -The user confirms to buy
  If it's NOT required to persist itineraries until the user confirms to buy,
  can this be done ONLY with Session Beans ?
  I think that there aren't cuncurrency problems because even if two persons will book the same flight, they'll get different sequence Id (if the sequence is generated by the DataBase).
  I think the worst scenario is if two person book the last seat at the same time, one will get an error.......
  What do you say to it ?
  Thanks
  Francesco

  If it's NOT required to persist itineraries until the
  user confirms to buy,
  can this be done ONLY with Session Beans ?Yes. Even if persistence is required, you can use only session beans with some persistence mechanism.

• Firefox 4.0.1 closes with no error message. When I restore the session I get: Well, this is embarrassing. Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page. What can I do?

  After opening certain websites, pogo, firefox 4.0.1 closes with no error message. When I restore the session I get: Well, this is embarrassing. Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page.
  I have had this problem before and had to reinstall an earlier version of firefox.
  The error console has a long list of errors, many of them end with: does not implement nsIObserver. Is there a way to send the information on the error console to firefox support?
  Redownloading Firefox 4.0 will fix my problem until I either close firefox or turn off my computer. The problem recurs when I open firefox again.

  See:
  * http://kb.mozillazine.org/Firefox_crashes
  * https://support.mozilla.com/kb/Firefox+crashes
  It is also possible that there is a problem with the files [http://kb.mozillazine.org/sessionstore.js sessionstore.js] and sessionstore.bak in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile Folder]
  Delete the files sessionstore.js and sessionstore.bak in the Firefox Profile Folder.
  * Help > Troubleshooting Information > Profile Directory: Open Containing Folder
  * http://kb.mozillazine.org/Profile_folder_-_Firefox
  * http://kb.mozillazine.org/sessionstore.js
  If you see files sessionstore-##.js with a number in the left part of the name like sessionstore-1.js then delete those as well.<br />
  Deleting sessionstore.js will cause App Tabs and Tab Groups to get lost, so you will have to create them again (make a note).
  See:
  * http://kb.mozillazine.org/Session_Restore

• How to use session cookie property of System object?

  Hi all,
  I have searched all over the SDN but didnt get anything relevent so here i am posting my query...
  My scenario is as follows:
  I have created a KM document iview that launches an HTML page, on click of button of HTML page a VC iview is launched. On this iview i have a button that hits BI query.
  PS: A system object is created for the connectivity bet portal and backend BI server.
  PS: i have configured SSO between portal and backend.
  Now when i click on button on iview that fetches the data from backend, i am asked for authentication pop-up, although i have configured SSO why i am asked to enter UID and PWD again??
  In system object there is a property named
  <b>"session cookie = MYSAPSSO2"</b>
  So should i use this property so that cookie will get transfered from one session to other session when i click button on iview??
  If yes then HOW??
  Is there any other setting remained in Visual Admin?? or Backend or portal?
  What could be the missing??
  PS: User id are same on portal & backend.
  Any help will be highly appreciated...
  Regards,
  Ameya
  Thanks in advance
  Message was edited by:
          Ameya Pimpalgaonkar
  null
  Message was edited by:
          Ameya Pimpalgaonkar

  Hi Ameya,
  I do not know the exact answer.However you should look for something called JSESSION ID.
  Have a look at the thread:
  Re: Problems Using Application Integrator for BSP Application
  Reg SSO Logon Tickets and Browser sessions
  How to use jsessionid while making HTTP calls??
  Hope you find something which can help you.
  Regards
  Atul Shrivastava