WAS4 HttpSession.getId() != JSESSIONID cookie value

Similar Messages

• Jsessionid cookie value being reused?

  All,
  I'm experiencing a session cookie problem when two apps reside on the same server, but different ports.
  Suppose I have two browser windows which are different threads under the same process, such as tabs in Mozilla Firefox or a 'parent' and 'child' IE window. If I open two tabs, and navigate to http://myserver:7300/app1 in the first, and http://myserver:7400/app2 in the next, the browser appears to reuse the JSESSIONID value sent from the server in window 1. The headers show:
  Window 1:
  Request: GET /myapp1/login.do HTTP/1.1 (...)
  Response: HTTP/1.1 200 OK (...)
  Set-Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045; path=/
  Window 2:
  Request: GET /myapp1/login.do HTTP/1.1 (...)
  Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045
  Response: HTTP/1.1 200 OK (...)
  Set-Cookie: JSESSIONID=BqSi212dTTrbYATSSyDfGNmiwC0PNKiGJ7gN0zslyHxSpXTJOsVB!-1687983613; path=/
  In the second window the server clearly sends a separate session id, but the browser sends back the cookie received in the first window. This has the effect of preventing the user from using both apps at once in a tabbed browser. The server gets the sessions confused and they get booted out of the first app when they log in to the seond.
  Has anyone else seen a similar situation?
  Thanks for your help,
  Brian

  I have this problem in login (using session cookie) between two apps with IE. With Firefox it works fine.
  I have two apps, like:
  - A: http://this.app.com
  - and for testing and education B: http://edu.this.app.com
  The problem occurs when I first login to app A and then try to login to app B in same IE-window.
  Login to A works ok, but when I login in B, once created session disapperas at followed request.
  It seems to happen that when B asks session cookie from IE, IE returns both A's and B's session cookies.
  At B request.getSession(false) apparently returns null because it tries to use A's session cookie or being two JSESSIONID session cookies..
  When first login to B, there are no problems.
  Am I right? Is there any way to use B's session cookie except changing this.app.com to use.this.app.com?

• Unable to recreate JSESSIONID cookie in Internet Explorer

  Hello All,
  (Running  CF Version: 9,0,0,251028,   Windows 2008 Server,  IIS-7)
  I am using the code below to expire the JSESSIONID cookie that is generated by CF because CF does not set the "HTTPOnly" and "Secure" cookie attributes by default when the JSESSIONID is initially created .  I am then recreating the JSESSIONID cookie with the required attributes.
  This works great for all browsers EXCEPT Internet Explorer!
  When the code below runs in Internet Explorer, the JSESSIONID cookie does become expired as it should as seen in the 1st line of the function below.  However, The script after that fails to recreate the JSESSIONID in Internet Explorer.  this is driving me nuts because it works like a charm in ALL other browsers.
  I am aware of the solution which involves setting these attributes in an xml configuration file on the CF server.  However that solution is not an option for me.  I am forced to use the method below to setup my secure/httponly JSESSIONID cookie.  Any ideas would be greatly appreciated!!!
  <cffunction name="OnSessionStart" output="false" access="public" description="I fix the sessionid">  
           <cfcookie name="JSESSIONID" expires="now"/>              
         <cfscript> 
            var.HTTPOnly = "HTTPOnly";
            var.domain = cgi.server_name;       
            var.path = "/";
            var.secure = "Secure;";                         
            var.response = getPageContext().getResponse();              
            var.header = "JSESSIONID" & "=" & session.sessionid & ";domain=." & var.domain & ";path=" & var.path & ";" & var.secure & var.HTTPOnly;
            var.response.setHeader("SET-COOKIE", var.header);             
          </cfscript>       
          <cfreturn />
    </cffunction>

  Below is the responseHeader dump (from IE9).
  Looks the exact same in FireFox and Chrome.  However,  a cfdump of the cookie scope will reveal (JSESSIONID=), nothing, zip, zilch, nada in IE9. Since the JSESSIONID cookie value is empty or null, a login attempt will result in a flash of the screen and the user is never logged in.
  While a cfdump of Firefox and Chrome happily display a valid JSESSIONID cookie value and allow users to login to my application just fine.
  (Note:  The secure attribute is intentionally turned off due to my non-ssl dev pc.)
  Cache-Control
  no-cache, no-store, must-revalidate
  Connection
  close
  Content-Type
  text/html; charset=UTF-8
  Date
  Sat, 10 Sep 2011 19:35:08 GMT
  Explanation
  OK
  Http_Version
  HTTP/1.0
  SET-COOKIE
  struct
  1
  JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;domain=.localhost;path=/;HTTPOnly
  2
  JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;path=/
  3
  JSESSIONID=;expires=Fri, 10-Sep-2010 19:35:08 GMT;path=/
  Server
  JRun Web Server
  Status_Code
  200
  X-Frame-Options
  deny
  X-XSS-Protection
  1; mode=block
  expires
  {ts '2011-09-10 15:35:08'}
  pragma
  no-cache
  Thanks for the help!
  Neil

• Share JSESSIONID cookie between 2 contexts

  Hi all,
  I am trying to share the JSESSIONID cookie between 2 contexts on the same virtual server.
  www.evador.ca/a and www.evador.ca/b
  I tried to put the following in my sun-web.xml:
  <session-config>
  <cookie-properties>
  <property name="cookieDomain" value=".evador.ca";>
  <description>The domain for which the cookie is valid.</description>
  </property>
  <property name="cookiePath" value="/" />
  </cookie-properties>
  </session-config>
  With Firefox I can look at the cookies created. There is only one JSESSIONID with path / and domain .evador.ca. But even with these encouraging info I cannot see the cookie in both contexts...
  I have an another cookie for localization purposes (That I create my self) called lang and believe it or not this works:
  langCookie.setMaxAge(Integer.MAX_VALUE);
  langCookie.setPath("/");
  langCookie.setDomain(domainName);
  response.addCookie(langCookie);
  What am I doing wrong?
  Thank you,
  Luc
  Edited by: lucbard on Dec 7, 2007 2:55 PM

  Servlet specification mentions:
  SRV.7.3 Session Scope
  HttpSession objects must be scoped at the application (or servlet context) level.
  The underlying mechanism, such as the cookie used to establish the session, can be
  the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
  You cannot share a cookie between 2 contexts.

• EncodeURL() vs. HttpSession.getId()

  What is the difference between the information obtained from encodeURL() vs.
            HttpSession.getId()?
            

  I think the second solution will work if you simply do encodeURL and strip-off
            session id (note that this works differently in 5.1 and 6.0 - in 5.1 it is a parameter
            and in 6.0 it is a part of the url: foo.jsp;jsessionid=...). I do not think it ever
            changes for a given session unless failover happens (then this string will change
            to reflect new primary).
            Jeffrey Winter <[email protected]> wrote:
            > There are two related issues: one, this is a cookie-less site; and two, we
            > are using XSL for all of our presentation.
            > As with any presentation, the stylesheets are going to have a lot of links
            > embedded in them. For an ASP page it's simple to just use encodeURL around
            > every link; however, this is a problem when using XSL.
            > There are a couple of possible solutions:
            > One: pull all the href attributes out of the stylesheet and instead
            > incorporate them into the XML document. This would allow us to perform
            > encodeURL() on the link data before adding it to the XML document. The
            > issue here is that presentation information would have to reside in the XML
            > document; i.e. if a new link is needed on the page, the XML document would
            > have to make sure to include it.
            > <PageInfo>
            > <Data>
            > <!-- page specific business data -->
            > </Data>
            > <Links>
            > <!-- named links that have had encodeURL applied -->
            > </Links>
            > </PageInfo>
            > Two: add just the session information to the XML document and have the
            > stylesheet append this on to the embedded links. This is conceptually
            > easier since the XML only needs to have the session information added.
            > <PageInfo>
            > <Data>
            > <!-- page specific business data -->
            > </Data>
            > <SessionInfo id="asdflkjasdflkjasdfjkl"/>
            > </PageInfo>
            > We would prefer to use the second solution, but we would need a way of
            > creating the proper information that encodeURL would add.
            Dimitri
            

• How to set cookie value in one page and retrieve in another page using setA

  How to set cookie value in one page and retrieve in another page using setActionListener?
  I have tried with following code srcpage.jspx->destpage.jspx
  srcpage.jspx
  <af:table value="#{bindings.DepartmentsView1.collectionModel}"
  var="emp" rows="#{bindings.EMPView1.rangeSize}"
  first="#{bindings.EMPView1.rangeStart}"
  emptyText="#{bindings.DepartmentsView1.viewable ? 'No rows yet.' : 'Access Denied.'}">
  <af:column sortProperty="EmployeeName" sortable="false"
  headerText="Cookie Testing">
  <af:commandLink text="#{emp.EmployeeName}" action="success">
  <af:setActionListener from="#{emp.EmployeeName}"
  to="#{cookie}"/>
  </af:commandLink>
  </af:column>
  </af:table>
  espage.jspx
  <af:outputText value="Test Cookie Value: #{cookie}"/>
  ,Here Test Cookie Value prints the following instead of its original String value
  {JSESSIONID=javax.servlet.http.Cookie@7da288, oracle.uix=javax.servlet.http.Cookie@399f62}
  I have passed employee name "Robert" to cookie in srcpage.jspx,but it prints "JSESSIONID....." instead of "Robert" in destpage.jspx
  Thanks in advance
  Kalee

  Hi,
  "cookie" is a reserved name. If you want to write to a session scope attribute called "cookie" then you have to call #{sessionScope.cookie}. If you want to use EL to set and read from cookies then you will have to use
  #{cookie.cookieName}
  Note that #{cookie} writes to and returns a map
  check this: http://www.informit.com/articles/article.aspx?p=30946&seqNum=7
  Frank

• No JSESSIONID cookie found in log-in response

  The below code keeps throwing the "No JSESSIONID cookie found in log-in response"
  Public Sub Establish()
  If Not sessionId Is Nothing Then
  Destroy()
  End If
  CheckUsernamePassword()
  Dim req As HttpWebRequest
  req = WebRequest.Create(GetLogInURL())
  req.Headers.Add("UserName", username)
  req.Headers.Add("Password", password)
  req.CookieContainer = New CookieContainer
  Dim resp As HttpWebResponse
  resp = req.GetResponse()
  If resp.StatusCode = System.Net.HttpStatusCode.OK Then
  cookie = resp.Cookies("JSESSIONID")
  If cookie Is Nothing Then
  Throw New Exception("No JSESSIONID cookie found in log-in response!")
  End If
  sessionId = cookie.Value
  End If
  End Sub
  Any help on what I can do for this would be appreciated. Thanks.

  Hi,
  a VB Class for managing Session..
  __________________________________________ START OF FILE __________________________________________
  Imports System
  Imports System.Net
  Imports System.Web.Services.Protocols
  Public Class Session
  Public protocol As String = "https"
  Public server As String
  Public port As String = "443"
  Public username As String
  Public password As String
  Public sessionId As String = Nothing
  Public cookie As cookie
  Public Sub Establish()
  If Not sessionId Is Nothing Then
  Destroy()
  End If
  'Check that username and password have been specified
  CheckUsernamePassword()
  ' create a container for an HTTP request
  Dim req As HttpWebRequest
  req = WebRequest.Create(GetLogInURL())
  'username and password are passed as HTTP headers
  req.Headers.Add("UserName", username)
  req.Headers.Add("Password", password)
  'req.Headers.Add("Proxy", "proxy")
  'req.Headers.Add("Port", "80")
  ' cookie container has to be added to request in order to
  ' retrieve the cookie from the response.
  req.CookieContainer = New CookieContainer
  ' make the HTTP call
  Dim resp As HttpWebResponse
  resp = req.GetResponse()
  If resp.StatusCode = System.Net.HttpStatusCode.OK Then
  'store cookie for later...
  cookie = resp.Cookies("JSESSIONID")
  If cookie Is Nothing Then
  Throw New Exception("No JSESSIONID cookie found in log-in response!")
  End If
  sessionId = cookie.Value
  End If
  End Sub
  Public Sub Destroy()
  ' create a container for an HTTP request
  Dim req As HttpWebRequest
  req = WebRequest.Create(GetLogOffURL())
  ' reuse the cookie that was received at Login
  req.CookieContainer = New CookieContainer
  req.CookieContainer.Add(cookie)
  ' make the HTTP call
  Dim resp As HttpWebResponse
  resp = req.GetResponse()
  If resp.StatusCode <> System.Net.HttpStatusCode.OK Then
  Throw New Exception("Logging off failed!")
  End If
  ' forget current session id
  sessionId = Nothing
  End Sub
  Public Function GetURL() As String
  If sessionId Is Nothing Then
  Throw New Exception("No session has been established!")
  End If
  CheckServerPort()
  Return protocol + "://" + server + "/Services/Integration;jsessionid=" + sessionId
  End Function
  Public Function GetURL(ByVal obj As String) As String
  If sessionId Is Nothing Then
  Throw New Exception("No session has been established!")
  End If
  CheckServerPort()
  Return protocol + "://" + server + ":" + port + "/Services/Integration/" + obj
  End Function
  Private Function GetLogInURL() As String
  CheckServerPort()
  Return protocol + "://" + server + "/Services/Integration?command=login"
  End Function
  Private Function GetLogOffURL() As String
  CheckServerPort()
  Return protocol + "://" + server + "/Services/Integration?command=logoff"
  End Function
  Private Sub CheckServerPort()
  If server Is Nothing Then
  Throw New Exception("Server not specified!")
  End If
  If port Is Nothing Then
  Throw New Exception("Port not specified!")
  End If
  End Sub
  Private Sub CheckUsernamePassword()
  If username Is Nothing Then
  Throw New Exception("Username not specified!")
  End If
  If password Is Nothing Then
  Throw New Exception("Password not specified!")
  End If
  End Sub
  End Class
  __________________________________________ START OF FILE __________________________________________
  Regards,
  Gerald

• Static cookie Value

  Can anybody telle me the purpose of the number (56) in the following statement:
  56 static cookie-value "R355972695" rserver HQCHECOM01

  Hi Regent,
  It does seem to be the line number but it increase by 8 for every entry. Couldn't find anything else for that number.
  switch/Admin(config-sticky-cookie)# do sh running-config sticky test
  Generating configuration....
  sticky http-cookie jsessionid test
    8 static cookie-value "R1" rserver r1
    16 static cookie-value "R2" rserver r2
    24 static cookie-value "R3" rserver r3
    32 static cookie-value "R4" rserver r4
    40 static cookie-value "R5" rserver r5
    48 static cookie-value "R6" rserver r6
    56 static cookie-value "R7" rserver r7
  Regards,
  Kanwal

• HttpSession.getId() vs. encodeURL()

            When running a url through encodeURL, the jsession id value that is appended
            to the url looks something like:
            Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE!1333244284149827329!-10
            62731428!7001!7002
            However, when obtaining the session id from HttpSession.getId() the session
            id looks like:
            Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE
            I.e., without all the goo past the !.
            Since we have a bunch of static urls embedded in xslt stylesheets, I need to
            append the session id to the url by hand.
            Is is valid to just use the session id obtained from getId() and append that
            on? What other information is being added through encodeURL()?
            

            Hi,
            I'm using encodeURL on WLS 5.1 sp6, wls produces this url:
            There is a pipe "|" character in the URL that crash our Nokia wap gateway (the
            pipe char is not compatible with URLsl, as in RFC1738).
            How can I make WLS not to put the pipe (and all the other goo after) in the URL
            THANKS
            "Vinod Mehra" <[email protected]> wrote:
            >
            >"Jeffrey Winter" <[email protected]> wrote in message
            >news:[email protected]...
            >>
            >> When running a url through encodeURL, the jsession id value that is
            >appended
            >> to the url looks something like:
            >>
            >>
            >Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE!1333244284149827329!-10
            >> 62731428!7001!7002
            >>
            >> However, when obtaining the session id from HttpSession.getId() the
            >session
            >> id looks like:
            >>
            >> Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE
            >>
            >> I.e., without all the goo past the !.
            >>
            >> Since we have a bunch of static urls embedded in xslt stylesheets,
            >I need
            >to
            >> append the session id to the url by hand.
            >>
            >> Is is valid to just use the session id obtained from getId() and append
            >that
            >> on?
            >
            >Yes. Apparently it was broken, but has been fixed. Contact support for
            >a
            >patch if
            >you cannot wait for the next release.
            >
            >The best way to do is to use response.encodeURL().
            >
            >>What other information is being added through encodeURL()?
            >
            >SessionID + Primary/Secodary info (the goo you were talking about).
            >
            >--Vinod.
            >
            >
            >>
            >>
            >
            >

• Unable to delete JSESSIONID cookie from ADF application

  Hi all
  I have a ADF application where i am using Logout button with action in managed bean. I want to delete the JSESSIONID cookie after logout.
  The logout bean is invalding the session and deleting the cookies. See code below.
  However code is not deleting the JSESSIONID cookie. I can see the cookie still exist in browser. Tester can use "back" button of browser and can see the user is still logged in application.
  How can delete JESSIONID cookie permanetly after logout action ? Am i missing some thing in code ? I am uing JDeveloper 11.1.1.5.0
  Mukesh
  =======
  public String AfterLogOut_action() {
  FacesContext fctx = FacesContext.getCurrentInstance();
  ExternalContext ectx = fctx.getExternalContext();
  String url = ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/login.html";
  HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  // Step 1 : delete the cookies
  if (request.getCookies() != null) {    
  for (Cookie cookie : request.getCookies()) {
  cookie.setMaxAge(0);
  cookie.setPath("/");
  response.addCookie(cookie);
  // Step 2 : Invalidate the session
  try {
  session.invalidate();
  ectx.redirect(url);
  } catch (IOException e) {
  e.printStackTrace();
  fctx.responseComplete();
  return null;
  ==========
  Edited by: Mukesh S Patil on May 11, 2013 5:44 PM

  Hi Guys.
  Any help ?
  Mukesh

• Change JSESSIONID Cookie Name

  Can anyone provide a means for changing the JSESSIONID cookie name in IWS 6 to something else?
  I can not locate a mechanism for doing this anywhere.

  Thankyou Sultal for the response.
  Actually we are migrating the application server from Weblogic5.1 to Sun application server 8.2. The client is a mobile client and it sends the Cookie as 'JSESSIONID=session_id_val&WeblogicSession=session_id_val' as parameters, not as request header.It worked fine for Weblogic5.1 but not in Sun Application Server.
  To make it clear :
  Weblogic           :     request.getsession(false) = sessionObj@value
  Sun Application Server      :     request.getsession(false) = null
  Sun Application Server      :     request.getParameter("JSESSIONID") = session_id_val
  In the Weblogic5.1 we have set the cookie & session parameters in the weblogic.properties file as:
  weblogic.httpd.session.cookies.enable=true
  weblogic.httpd.session.cookie.name=WebLogicSession
  weblogic.httpd.session.neverReadPostData=false
  weblogic.httpd.session.timeoutSecs=120
  In case of Sun application server , JSESSIONID is not coming as a cookie , request.getsession(false) is returning null value.Is there a way to initialize the session with JSESSIONID request parameter?

• Disable jsessionid cookie in obiee 11g

  Hi All,
  How to disable creation of "jsessionid" cookie in a web browser.
  is something we can do from weblogic side? Appreciate our help.
  Thanks
  Ram

  Hi All,
  How to disable creation of "jsessionid" cookie in a web browser.
  is something we can do from weblogic side? Appreciate our help.
  Thanks
  Ram

• My site changes cookie to store user options; worked in v3 but broke in v5/6. How do I change cookie value now?

  Some 8 months ago, I started saving user options in my cookie; as user changed options, my php code change the cookie value. I work normally with Camino, but verify with Firefox (V. 3). An associate with a newer MacBook Pro, with Firefox V. 5, tried my site and reported that the option change 'did not take'. I tried using my V.3, and everything worked. Realizing that I should be on V. 6, I upgraded today, and myself verified that the 'new' cookie value is NOT being saved. Rather, a second cookie is being created but with WITH NO VALUE. Result: old cookie has old option value; new cookie has no value. I tried also with Safari, and got this same result. So, there must be a way to update a cookie value, just unknown to me. Please advise as to new/proper header(s) to send from my server to change cookie value.

  Make sure that the cookies are created for the proper path.
  A good place to ask questions and advice about web development is at the mozillaZine Web Development/Standards Evangelism forum.<br />
  The helpers at that forum are more knowledgeable about web development issues.<br />
  You need to register at the mozillaZine forum site in order to post at that forum.
  See http://forums.mozillazine.org/viewforum.php?f=25

• Setting the cookies value

  hi,
  when i do, submiting the page i'm able to set the cookie value.I'm not getting any messages. But the Same time when i call the proceudre with parameters from the URL i'm not able to store the cookie value.
  It display's the message like this and the value is not stored in the cookies
  Content-type: text/html Set-Cookie: emp_no=9999X; path=/;
  my code is :
  owa_util.mime_header('text/html',FALSE);
       owa_cookie.send('emp_no',UPPER(lv_emp_no),null,'/',null,null);
  owa_util.http_header_close;
  How do i solve this problem?
  Thanks

  Hi,
  Here are a couple of things you can try:
  1) remove the following line because it shouldn't be necessary:
  the_cookie.num_vals :=0;2) remove the following line because the owa_cookie.send will automatically replace any existing cookie:
       owa_cookie.remove('emp_no',the_cookie.vals(1),null);3) try capturing the cookie value in a local variable and printing it (after htp.body, of course) to see if it is working correctly.
  4) enable the browser to prompt you when a cookie is being set so that you can verify whether it is being set or not.
  HTH,
  Ashesh Parekh
  Oracle9iAS Product Management
  hi,
  Something like this...
  Code
  PROCEDURE checkLogin ( emp_no in varchar2 default NULL) IS
       pv_check_f      BOOLEAN ;
  the_cookie      owa_cookie.cookie;
  BEGIN
  pv_check_f := FUN_EMP_PASSWORD(UPPER(emp_no) ) ;
  IF NOT pv_check_f THEN
       v_msg := 'Sorry Log on denied';
       RAISE EMP_ERROR;
       END IF ;
  the_cookie.num_vals :=0;
  the_cookie:= owa_cookie.get('emp_no');
  if the_cookie.num_vals= 0 then
            owa_util.mime_header('text/html',FALSE);
            owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
            owa_util.http_header_close;
       else     
            owa_util.mime_header('text/html',FALSE);
       owa_cookie.remove('emp_no',the_cookie.vals(1),null);
            owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
  owa_util.http_header_close;
  end if;
  htp.p('<script language="javascript">
  window.location="http://www...URL";
  </script>');
       htp.formclose;
  EXCEPTION
       WHEN EMP_ERROR THEN
       Pageheader;
  Procedurename.Banner('Login denied');
  htp.fontOpen('red','Arial Narrow');
  htp.header(3,lv_msg);
  loginagain;
  htp.fontClose;
  htp.centeropen;
       htp.br;
       htp.p('<INPUT type="button" value="Back" onClick="history.back()">');
       htp.br;
       htp.centerclose;
  pagefooter;
  END checkLogin;
  calling the Procedure "checklogin" with the parameter emp_no from the URL like this
  "http://....:8810/dir/Packname.checkLogin?emp_no=9ABCDS".
  Waiting for ur replay.
  Thanks.

• Create the JSESSIONID cookie with the secure flag

  Hello,
  I wonder if it is possible, through UCM or Weblogic configurations, to automatically create the JSESSIONID cookie used when a user is logged on with the secure flag?
  I have not found any parameters so far that could allow this.
  Thanks in advance!

  We have public Websites running on UCM/SiteStudio which are only accessible through SSL by visitors. The aim is that every cookies should be secure to be sure that they are not transmitted in plain text to our server.
  We thus would like to find a way to put the secure flag on JSESSIONID to avoid any case of session hijacking.
  Thanks.
  Edited by: Leo-G on 17 juil. 2012 23:57