Setting Secure and HttpOnly flags in JSESSIONID cookie

Similar Messages

• Missing Secure Flag & HttpOnly Flag From SSL Cookie - OWA

  Hello, I'm a bit stuck on this issue for a few days and hoping to get some help on this...
  We are running Exchange 2010 /w SP1 Rollup 6. Server is running great and OWA is on 443. We have two servers for Exchange. One if running the Transport and Mailbox, and the other is CAS. We use IBM for firewall / IDS and we run scheduled penatration tests.
  We came back with two vulnerabilities:
  1) Missing HttpOnly Flag From Cookie
  2) Missing Secure Flag From SSL Cookie
  Their solution is to:
  Add the HttpOnly to all cookies and Add the Secure flag to cookies sent over SSL
  I tried adding this line and playing with the boolean with no luck:
  <httpCookies httpOnlyCookies="false" requireSSL="true" domain="" />
  I set this in the web.config under Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa
  If I turn httpOnlyCookies="true" it will break OWA
  Any help would be appreicated ! Thanks :)
  Will

  Hi,
  We do not set the cookies to HttpOnly because we require access to certain of these cookies from scripts. 
  So we cannot change this, but we take care to use best practices and safe guards within our code to protect against cross site scripting attacks. 
  So it is by design.
  Xiu Zhang
  TechNet Community Support

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• Setting secure flag on weblogic (5.1) session cookie.

  Hello All,
            I need to set secure flag on weblogic session cookie. I am not able to
            find any property in weblogic.properties file to set the secure flag for
            session cookie.
            Does anybody has any idea how to achieve this.?
            Thanks
            Nitin
            

  The best way to reduce GC is to change you application to use less memory. Serious.
  There are a number of JVM options for GC. I can't tell you what will work best
  for your application.
  25 seconds is way too long for a GC. Is the OS paging? You may wish to invest
  in additional memory.
  Mike Reiche
  vijendran <[email protected]> wrote:
  Hi,
  I am running a load test which will simulate 100 users. when i tried
  to simulate i found that GC is happening often even though i set the
  heap to 512 MB., and that too some time it takes upto 25 secs. for a
  GC to complete. Please advise on how to increase the performance for
  more number of users (without clustering weblogic) and to avoid GC happening
  often.
  Regards
  Vijendran

• Create the JSESSIONID cookie with the secure flag

  Hello,
  I wonder if it is possible, through UCM or Weblogic configurations, to automatically create the JSESSIONID cookie used when a user is logged on with the secure flag?
  I have not found any parameters so far that could allow this.
  Thanks in advance!

  We have public Websites running on UCM/SiteStudio which are only accessible through SSL by visitors. The aim is that every cookies should be secure to be sure that they are not transmitted in plain text to our server.
  We thus would like to find a way to put the secure flag on JSESSIONID to avoid any case of session hijacking.
  Thanks.
  Edited by: Leo-G on 17 juil. 2012 23:57

• How to restrict the Request and Response process in that cookies should be Secure way SAP Portal 7.0 ?

  Dear Experts,
  Please any one can help me i am getting one security issue.Some third party tools using and hacking the Request and Response of the Server.That time there taking one successfully Request (GET http://1.1 302 found)   and Response (http://1.1 200 ok).In this request based on again there giving some invalidate credential in that time server giving request replacing for success fully Request that time there login in to portal successfully(Bypassing).In this Request level only getting the information for URL and set-cookies only.Here any process is there to restrict the set cookies.like JSESSIONMARKID and JSESSIONID SAP_LB.
  We are using 7.0 Version and SP 12. Please share you are solutions because of this is very high problem here.
  Thanks for Advance
  Thanks and regrades,
  Durga Rao. 

  Dear Samuli,
  Thanks for the Replay,
  We are using HTTPS and SSL confined but man in the middle types of attack is happening here there using one tool based one there taking the Request and Response.The below given cookie are available in that request.
  According to this , set-cookie: JSESSIONMARKID , JSESSIONID and MYSAPSSO2 values are user login time it will change every time  are not.
  After  capturing above response HTTP/1.1 302 etc , when user gives valid credentials and logs in ,
  and now ill give wrong password and wrong user id and on click of log on button, i can intercept the request and response coming from the server and when i replace this valid response stil i am able to loggin in to the portal , which should not happen as JESSIONMARKID is changed , server should not allow , but it is loggin in.Standard Login page also allowing to login in this case.
  My server version is EP 7.0 SP 12.
  Please suggest a solution so that if we restric the hacker at this stage , no matter he can never hijack the sesiona and login  with invalid username and  password.
  Thanks for Advance
  Thanks and regrades,
  Durga Rao.

• Weblogic 10.3 secure jsessionid cookie

  Hi,
  I am running my application on weblogic 10.3 app server. And my application is running on both HTTP and HTTPS. My questions is around the JSESSIONID cookie that App server generates and send to client. By default this cookie is non-secure, even if application runs on HTTPS. I want to know, how can Weblogic App Server create a new JSESSIONID cookie which is secure, when application moves from HTTP to HTTPS? My requirement is to run the application on secure JSESSIONID cookie when we use HTTPS.
  How can i achieve it? It's kind of critical to me.
  Any help is highly appreciated.

  I tried setting up the secure cookie by modifying the config.xml.
  But my app server is shutting down forcefully by throwing this message.
  <Aug 28, 2009 1:05:18 PM GMT+05:30> <Error> <Management> <BEA-141244> <Schema va
  lidation errors while parsing D:\bea\user_projects\domains\zendough\config\confi
  g.xml - Expected elements 'weblogic-plugin-enabled@http://www.bea.com/ns/weblogi
  c/920/domain hosts-migratable-services@http://www.bea.com/ns/weblogic/920/domain
  http-trace-support-enabled@http://www.bea.com/ns/weblogic/920/domain key-stores
  @http://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-file-name@h
  ttp://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-type@http://w
  ww.bea.com/ns/weblogic/920/domain custom-identity-key-store-pass-phrase-encrypte
  d@http://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-file-name@htt
  p://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-type@http://www.be
  a.com/ns/weblogic/920/domain custom-trust-key-store-pass-phrase-encrypted@http:/
  /www.bea.com/ns/weblogic/920/domain java-standard-trust-key-store-pass-phrase-en
  crypted@http://www.bea.com/ns/weblogic/920/domain reliable-delivery-policy@http:
  //www.bea.com/ns/weblogic/920/domain message-id-prefix-enabled@http://www.bea.co
  m/ns/weblogic/920/domain default-file-store@http://www.bea.com/ns/weblogic/920/d
  omain candidate-machine@http://www.bea.com/ns/weblogic/920/domain overload-prote
  ction@http://www.bea.com/ns/weblogic/920/domain jdbcllr-table-name@http://www.be
  a.com/ns/weblogic/920/domain jdbcllr-table-xid-column-size@http://www.bea.com/ns
  /weblogic/920/domain jdbcllr-table-pool-column-size@http://www.bea.com/ns/weblog
  ic/920/domain jdbcllr-table-record-column-size@http://www.bea.com/ns/weblogic/92
  0/domain jdbc-login-timeout-seconds@http://www.bea.com/ns/weblogic/920/domain se
  rver-diagnostic-config@http://www.bea.com/ns/weblogic/920/domain auto-jdbc-conne
  ction-close@http://www.bea.com/ns/weblogic/920/domain supported-protocol@http://
  www.bea.com/ns/weblogic/920/domain federation-services@http://www.bea.com/ns/web
  logic/920/domain single-sign-on-services@http://www.bea.com/ns/weblogic/920/doma
  in web-service@http://www.bea.com/ns/weblogic/920/domain nm-socket-create-timeou
  t-in-millis@http://www.bea.com/ns/weblogic/920/domain' instead of 'web-server@ht
  tp://www.bea.com/ns/weblogic/920/domain' here in element server@http://www.bea.c
  om/ns/weblogic/920/domain>
  Here is my config.xml
  <?xml version='1.0' encoding='UTF-8'?>
  <domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
  <name>zendough</name>
  <domain-version>10.3.0.0</domain-version>
  <security-configuration>
  <name>zendough</name>
  <realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
  <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
  <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  </realm>
  <default-realm>myrealm</default-realm>
  <credential-encrypted>uuuuuu</credential-encrypted>
  <node-manager-username>weblogic</node-manager-username>
  <node-manager-password-encrypted>kkkkk</node-manager-password-encrypted>
  </security-configuration>
  <server>
  <name>AdminServer</name>
  <ssl>
  <enabled>true</enabled>
  </ssl>
  <listen-port>7001</listen-port>
  <listen-port-enabled>true</listen-port-enabled>
  <listen-address></listen-address>
  <java-compiler>javac</java-compiler>
  <client-cert-proxy-enabled>false</client-cert-proxy-enabled>
  <web-server>
       <auth-cookie-enabled>true</auth-cookie-enabled>
  </web-server>
  </server>
  <embedded-ldap>
  <name>ttttt</name>
  <credential-encrypted>yyyyy</credential-encrypted>
  </embedded-ldap>
  <configuration-version>10.3.0.0</configuration-version>
  <app-deployment>
  <name>hybrisplatform</name>
  <target>AdminServer</target>
  <module-type>ear</module-type>
  <source-path>xxxxx</source-path>
  <deployment-order>100</deployment-order>
  <security-dd-model>DDOnly</security-dd-model>
  <staging-mode>stage</staging-mode>
  </app-deployment>
  <admin-server-name>AdminServer</admin-server-name>
  </domain>

• Setting secure cookie in iPlanet

  Hi All,
  I would like to set the JSESSIONID cookie as Secure. I read the product documentation for iPlanet Web Server 6.0 and it suggest to use the session-cookie in web-apps.xml. I try to modify the file as following and restart the server
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
       "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
  <vs>
  <session-cookie is-secure="true"/>
  </vs>
  Unfortunately, it doesn't work, the JSESSIONID is still not Secure Cookie. Does anyone have solution on this? Thanks in advance.
  -Wallace

  I do face the Same Problem. Please Let me know aswell.

• Apache ProxyPass and JSESSIONID cookie

  Is there any way that i can force the path that tomcat sets to the JSESSIONID cookie?
  I need the path to be "/" and Tomcat sets it to "/webappName".
  Thanks in advance

  As far as I know, you cannot because the cookie is what Tomcat uses to reference SessionData. According to the J2EE spec, Servlet contexts cannot be shared, so the cookies are written with that restriction in mind.

• After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

  After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

• I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list.

  I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list. I've confirmed the mac address is included on that list and that the password is correct. Under choses netwrok I select the network and it just goes into a spin. I have tried removing the password and the access list settings and it still will not complete the connection to the router thus no internet access. The routers firmware is also up to date. This thing worked fine before this update and I've already tried to restore from backup. Any ideas or is the wifi nic bad in this thing with the new apple firmware update? Any fix?

  Thanks Bob, I don't know why but it all of a sudden worked a few days later. It's a mystery but at least problem solved.

• Using AX as wireless router, how to set up w/ security and airtunes on XP

  I previously had a Linksys wireless router. I just purchased an Airport express to use as the wireless router (and remove the Linksys router) as well as use the Airtunes functionality.
  After some trial and error, I have been able to wireless connect my computer to the AX on it's own (the linksys router is now unplugged and out of the equation). I can connect to the internet fine on my PC (XP Pro SP2).
  Trouble is, when I use the Network Setup Assistant, it shows the apple network listed, but it can't connect to it, no matter how many times I try, reboot my machine or reboot the AX. I've tried both the "setting up a new network" and "editing an existing network" option, and in each selection, after a few minutes of trying to connect to the network, I just get a failure message.
  If I try and use the Admin utility, nothing shows up in the left-hand list window, and when I Press re-scan, still nothing shows (it doesn't even appear to scan).
  I'm not sure what I'm doing wrong. I can't find simple instructions on how to set up the AX as the only wireless router for a PC and set up security and Airtunes (I'm assuming enabling airtunes is done in these applications, as I haven't seen anything about that yet either).
  Any ideas on how this is done with a PC? Much thanks!
  Dell 4500 series

  I have found the 'DHCP Reservations' option on the AirPort Extreme to be buggy.  I seem to remember it causing IP conflicts for some reason.  I think what I remember is that if the computer with the reservation was off, and the DHCP server then handed out that IP to another DHCP client, then there would be a conflict when the reserved IP computer was turned back on.  Maybe it was an issue in ealier versions of the AE or OS X as the case may be, and maybe it's been corrected, but I've never bothered using it agian since the method I describe below has always worked without fail.  Also, I'm guessing DHCP Reservations would work fine if one manually enters IPs outside of the DHCP range but in the AE 'DHCP Reservation Setup Assistant' the IP options provided are within the DHCP range which to me makes no sense and increases the potential for IP conflicts.
  Here's what I do to setup a mixed environment of static and dynamic IPs on my network.  It works like a charm and does not require the DHCP server (beyond the distribution of dynamic IPs to hosts using DHCP).
  For machines on my network that are accepting services from the public network, I set them up with static IPs using the 'Manually' option (System Preferences/Network/Ethernet/Configure IPv4).  The settings for 'Router' IP address and 'DNS Server' IP address should both be set with your gateway/router LAN IP).  Use an IP address below or above the DHCP range of adresses (in AE/Internet/DHCP/DHCP Beginning & Ending Address).
  i.e. if my subnet is 10.0.1.1 and my DHCP range is 10.0.1.100 to 10.0.1.150, you could set the static IPs on your local hosts as 10.0.1.x where x = any number from 2 - 99 or from 151 - 200 as an example.
  All other machines and devices that do not require static routing are setup as DHCP clients and get a dynamic IP from the AE.  To me it's a simpler setup though it might take a little extra time to setup initially.
  John

• How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

  How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

  Hi,
  According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
  I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
  Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
  Here are some detailed articles for your reference:
  https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
  http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
  Thanks
  Best Regards
  Jerry Guo
  TechNet Community Support

• Combine functionality Batch Create Multiple files and Set Security

  Greetings,
  Is there any way to combine the functionality of Acrobat Pro’s “Batch Create Multiple Files” (File (drop down) -> Create PDF -> Batch Create Multiple Files…) and running a batch process (Advanced -> Document Processing -> Batch Processing -> Batch Sequences -> Set Security)?
  Ideally I’d like to either:
  1)      Add the “Set Security” batch process to the “Batch Create Multiple Files … command located under the File (drop down) -> Create PDF
  or
  2)      Be able to create a batch process that first allows me to select the documents (Word, Excel, etc.) I want to convert into PDF files, then converts them, then runs the Set Security batch process.
  Right now it isn’t too much trouble to first “Create Multiple Files…” then run the batch process Set Security, but it would be nice to be able to do both with a single command.
  Any suggestions?
  Thank you,
  TPK

  I have uploaded the files and shared them.  These are the links
  Grade 11 Maths Standardisation Project Paper 2 2013.doc
  https://files.acrobat.com/preview/9694310d-ca7f-4919-883d-c53b36215d89
  Grade 11 Maths Standardisation Project Paper 2 Analysis Grid 2013.doc
  https://files.acrobat.com/preview/97da9e5f-d412-4d25-9bbc-d1a525d90826
  Grade 11 Maths Standardisation Project Paper 2 Diagram Sheet 2013.doc
  https://files.acrobat.com/preview/f50dd62e-af04-4060-85c5-fa81ce6803d8
  Grade 11 Maths Standardisation Project Paper 2 Formula Sheet 2013.doc
  https://files.acrobat.com/preview/7fc6007b-aaa6-4d65-9a8c-bf99818474a5
  Grade 11 Maths Standardisation Project Paper 2 Marking Guidelines 2013.doc
  https://files.acrobat.com/preview/b3a715bb-3683-48df-b0ec-3d17442275be
  Grade 11 Maths Standardisation Project Paper I Analysis Grid 2013.docx
  https://files.acrobat.com/preview/ab62e6b6-0261-434e-8a2f-382f74335685
  The first file is the problem file.  If you create this file separately, Acrobat will convert it perfectly.  But "Batch create multiple files" and the graphics are deconstructed on page 8

• Blackberry Z10,post security wipe...BBM Not working..Showcasing error Unable to complete Set Up and Temporary Server Error"

  I would request you to please help fixing the BBM error - Unable to complete Set Up and Temporary Server Error”.
  I am using a BB Z10 with Software version 10.1.0.4181 and OS version 10.1.0.4633
  Already tried resetting device to Factory Settings and Security Wipe...
  Please help.

  Hey KaranPrabhakar,
  Welcome to the BlackBerry Support Community Forums.
  Thanks for the question.
  Follow the steps in this KB article to resolve the issue: www.blackberry.com/btsc/KB33780
  Let me know if you have any more questions.
  Cheers.
  -ViciousFerret
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Like! for those who have helped you.
  Click  Accept as Solution for posts that have solved your issue(s)!