WAS4 HttpSession.getId() != JSESSIONID cookie value
Question: Should the session identifier value assigned to the JSESSIONID cookie by the servlet container be the exact same value returned by calling HttpSession.getId()?
IBM's WebSphere Application Server (AEs) Version 4.0.x (WAS4) does not return the same value. The session identifier value assigned to the JSESSIONID cookie is 27 characters long, but the value returned by HttpSession.getId() only returns 23 characters. More precisely it is the last 23 characters of the 27 character value assigned to the JSESSIONID cookie.
WAS4 is supposed to support Sun's Java Servlet Specification Version 2.2. In my opinion, it does not fully 100% support this specification because of what I just stated above.
I would like to hear the Java Servlet Developer Community's opinion on this. Especially you Java Servlet Specification people and Sun.
Here is the API documentation for HttpSession.getId().
===================================
getId()
public java.lang.String getId()
Returns a string containing the unique identifier assigned to this session. The identifier is assigned by the servlet container and is implementation dependent.
Returns: a string specifying the identifier assigned to this session
===================================
Full HttpSession API documentation found at: http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html
Sun's Java Servlet Specification V2.2 documentation:
ftp://ftp.java.sun.com/pub/servlet/22final-182874/servlet2_2-spec.pdf
UPDATE: The value of the JSESSIONID cookie is not 27 characters long, its 30 characters long. the lenght of the value returned by HttpSession.getId() is still only 23 characters long. IBM has inserted 4 characters in the front and 3 characters in the back.
30 != 23
Similar Messages
-
Jsessionid cookie value being reused?
All,
I'm experiencing a session cookie problem when two apps reside on the same server, but different ports.
Suppose I have two browser windows which are different threads under the same process, such as tabs in Mozilla Firefox or a 'parent' and 'child' IE window. If I open two tabs, and navigate to http://myserver:7300/app1 in the first, and http://myserver:7400/app2 in the next, the browser appears to reuse the JSESSIONID value sent from the server in window 1. The headers show:
Window 1:
Request: GET /myapp1/login.do HTTP/1.1 (...)
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045; path=/
Window 2:
Request: GET /myapp1/login.do HTTP/1.1 (...)
Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSi212dTTrbYATSSyDfGNmiwC0PNKiGJ7gN0zslyHxSpXTJOsVB!-1687983613; path=/
In the second window the server clearly sends a separate session id, but the browser sends back the cookie received in the first window. This has the effect of preventing the user from using both apps at once in a tabbed browser. The server gets the sessions confused and they get booted out of the first app when they log in to the seond.
Has anyone else seen a similar situation?
Thanks for your help,
BrianI have this problem in login (using session cookie) between two apps with IE. With Firefox it works fine.
I have two apps, like:
- A: http://this.app.com
- and for testing and education B: http://edu.this.app.com
The problem occurs when I first login to app A and then try to login to app B in same IE-window.
Login to A works ok, but when I login in B, once created session disapperas at followed request.
It seems to happen that when B asks session cookie from IE, IE returns both A's and B's session cookies.
At B request.getSession(false) apparently returns null because it tries to use A's session cookie or being two JSESSIONID session cookies..
When first login to B, there are no problems.
Am I right? Is there any way to use B's session cookie except changing this.app.com to use.this.app.com? -
Unable to recreate JSESSIONID cookie in Internet Explorer
Hello All,
(Running CF Version: 9,0,0,251028, Windows 2008 Server, IIS-7)
I am using the code below to expire the JSESSIONID cookie that is generated by CF because CF does not set the "HTTPOnly" and "Secure" cookie attributes by default when the JSESSIONID is initially created . I am then recreating the JSESSIONID cookie with the required attributes.
This works great for all browsers EXCEPT Internet Explorer!
When the code below runs in Internet Explorer, the JSESSIONID cookie does become expired as it should as seen in the 1st line of the function below. However, The script after that fails to recreate the JSESSIONID in Internet Explorer. this is driving me nuts because it works like a charm in ALL other browsers.
I am aware of the solution which involves setting these attributes in an xml configuration file on the CF server. However that solution is not an option for me. I am forced to use the method below to setup my secure/httponly JSESSIONID cookie. Any ideas would be greatly appreciated!!!
<cffunction name="OnSessionStart" output="false" access="public" description="I fix the sessionid">
<cfcookie name="JSESSIONID" expires="now"/>
<cfscript>
var.HTTPOnly = "HTTPOnly";
var.domain = cgi.server_name;
var.path = "/";
var.secure = "Secure;";
var.response = getPageContext().getResponse();
var.header = "JSESSIONID" & "=" & session.sessionid & ";domain=." & var.domain & ";path=" & var.path & ";" & var.secure & var.HTTPOnly;
var.response.setHeader("SET-COOKIE", var.header);
</cfscript>
<cfreturn />
</cffunction>Below is the responseHeader dump (from IE9).
Looks the exact same in FireFox and Chrome. However, a cfdump of the cookie scope will reveal (JSESSIONID=), nothing, zip, zilch, nada in IE9. Since the JSESSIONID cookie value is empty or null, a login attempt will result in a flash of the screen and the user is never logged in.
While a cfdump of Firefox and Chrome happily display a valid JSESSIONID cookie value and allow users to login to my application just fine.
(Note: The secure attribute is intentionally turned off due to my non-ssl dev pc.)
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
text/html; charset=UTF-8
Date
Sat, 10 Sep 2011 19:35:08 GMT
Explanation
OK
Http_Version
HTTP/1.0
SET-COOKIE
struct
1
JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;domain=.localhost;path=/;HTTPOnly
2
JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;path=/
3
JSESSIONID=;expires=Fri, 10-Sep-2010 19:35:08 GMT;path=/
Server
JRun Web Server
Status_Code
200
X-Frame-Options
deny
X-XSS-Protection
1; mode=block
expires
{ts '2011-09-10 15:35:08'}
pragma
no-cache
Thanks for the help!
Neil -
Share JSESSIONID cookie between 2 contexts
Hi all,
I am trying to share the JSESSIONID cookie between 2 contexts on the same virtual server.
www.evador.ca/a and www.evador.ca/b
I tried to put the following in my sun-web.xml:
<session-config>
<cookie-properties>
<property name="cookieDomain" value=".evador.ca";>
<description>The domain for which the cookie is valid.</description>
</property>
<property name="cookiePath" value="/" />
</cookie-properties>
</session-config>
With Firefox I can look at the cookies created. There is only one JSESSIONID with path / and domain .evador.ca. But even with these encouraging info I cannot see the cookie in both contexts...
I have an another cookie for localization purposes (That I create my self) called lang and believe it or not this works:
langCookie.setMaxAge(Integer.MAX_VALUE);
langCookie.setPath("/");
langCookie.setDomain(domainName);
response.addCookie(langCookie);
What am I doing wrong?
Thank you,
Luc
Edited by: lucbard on Dec 7, 2007 2:55 PMServlet specification mentions:
SRV.7.3 Session Scope
HttpSession objects must be scoped at the application (or servlet context) level.
The underlying mechanism, such as the cookie used to establish the session, can be
the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
You cannot share a cookie between 2 contexts. -
EncodeURL() vs. HttpSession.getId()
What is the difference between the information obtained from encodeURL() vs.
HttpSession.getId()?
I think the second solution will work if you simply do encodeURL and strip-off
session id (note that this works differently in 5.1 and 6.0 - in 5.1 it is a parameter
and in 6.0 it is a part of the url: foo.jsp;jsessionid=...). I do not think it ever
changes for a given session unless failover happens (then this string will change
to reflect new primary).
Jeffrey Winter <[email protected]> wrote:
> There are two related issues: one, this is a cookie-less site; and two, we
> are using XSL for all of our presentation.
> As with any presentation, the stylesheets are going to have a lot of links
> embedded in them. For an ASP page it's simple to just use encodeURL around
> every link; however, this is a problem when using XSL.
> There are a couple of possible solutions:
> One: pull all the href attributes out of the stylesheet and instead
> incorporate them into the XML document. This would allow us to perform
> encodeURL() on the link data before adding it to the XML document. The
> issue here is that presentation information would have to reside in the XML
> document; i.e. if a new link is needed on the page, the XML document would
> have to make sure to include it.
> <PageInfo>
> <Data>
> <!-- page specific business data -->
> </Data>
> <Links>
> <!-- named links that have had encodeURL applied -->
> </Links>
> </PageInfo>
> Two: add just the session information to the XML document and have the
> stylesheet append this on to the embedded links. This is conceptually
> easier since the XML only needs to have the session information added.
> <PageInfo>
> <Data>
> <!-- page specific business data -->
> </Data>
> <SessionInfo id="asdflkjasdflkjasdfjkl"/>
> </PageInfo>
> We would prefer to use the second solution, but we would need a way of
> creating the proper information that encodeURL would add.
Dimitri
-
How to set cookie value in one page and retrieve in another page using setA
How to set cookie value in one page and retrieve in another page using setActionListener?
I have tried with following code srcpage.jspx->destpage.jspx
srcpage.jspx
<af:table value="#{bindings.DepartmentsView1.collectionModel}"
var="emp" rows="#{bindings.EMPView1.rangeSize}"
first="#{bindings.EMPView1.rangeStart}"
emptyText="#{bindings.DepartmentsView1.viewable ? 'No rows yet.' : 'Access Denied.'}">
<af:column sortProperty="EmployeeName" sortable="false"
headerText="Cookie Testing">
<af:commandLink text="#{emp.EmployeeName}" action="success">
<af:setActionListener from="#{emp.EmployeeName}"
to="#{cookie}"/>
</af:commandLink>
</af:column>
</af:table>
espage.jspx
<af:outputText value="Test Cookie Value: #{cookie}"/>
,Here Test Cookie Value prints the following instead of its original String value
{JSESSIONID=javax.servlet.http.Cookie@7da288, oracle.uix=javax.servlet.http.Cookie@399f62}
I have passed employee name "Robert" to cookie in srcpage.jspx,but it prints "JSESSIONID....." instead of "Robert" in destpage.jspx
Thanks in advance
KaleeHi,
"cookie" is a reserved name. If you want to write to a session scope attribute called "cookie" then you have to call #{sessionScope.cookie}. If you want to use EL to set and read from cookies then you will have to use
#{cookie.cookieName}
Note that #{cookie} writes to and returns a map
check this: http://www.informit.com/articles/article.aspx?p=30946&seqNum=7
Frank -
No JSESSIONID cookie found in log-in response
The below code keeps throwing the "No JSESSIONID cookie found in log-in response"
Public Sub Establish()
If Not sessionId Is Nothing Then
Destroy()
End If
CheckUsernamePassword()
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogInURL())
req.Headers.Add("UserName", username)
req.Headers.Add("Password", password)
req.CookieContainer = New CookieContainer
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode = System.Net.HttpStatusCode.OK Then
cookie = resp.Cookies("JSESSIONID")
If cookie Is Nothing Then
Throw New Exception("No JSESSIONID cookie found in log-in response!")
End If
sessionId = cookie.Value
End If
End Sub
Any help on what I can do for this would be appreciated. Thanks.Hi,
a VB Class for managing Session..
__________________________________________ START OF FILE __________________________________________
Imports System
Imports System.Net
Imports System.Web.Services.Protocols
Public Class Session
Public protocol As String = "https"
Public server As String
Public port As String = "443"
Public username As String
Public password As String
Public sessionId As String = Nothing
Public cookie As cookie
Public Sub Establish()
If Not sessionId Is Nothing Then
Destroy()
End If
'Check that username and password have been specified
CheckUsernamePassword()
' create a container for an HTTP request
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogInURL())
'username and password are passed as HTTP headers
req.Headers.Add("UserName", username)
req.Headers.Add("Password", password)
'req.Headers.Add("Proxy", "proxy")
'req.Headers.Add("Port", "80")
' cookie container has to be added to request in order to
' retrieve the cookie from the response.
req.CookieContainer = New CookieContainer
' make the HTTP call
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode = System.Net.HttpStatusCode.OK Then
'store cookie for later...
cookie = resp.Cookies("JSESSIONID")
If cookie Is Nothing Then
Throw New Exception("No JSESSIONID cookie found in log-in response!")
End If
sessionId = cookie.Value
End If
End Sub
Public Sub Destroy()
' create a container for an HTTP request
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogOffURL())
' reuse the cookie that was received at Login
req.CookieContainer = New CookieContainer
req.CookieContainer.Add(cookie)
' make the HTTP call
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode <> System.Net.HttpStatusCode.OK Then
Throw New Exception("Logging off failed!")
End If
' forget current session id
sessionId = Nothing
End Sub
Public Function GetURL() As String
If sessionId Is Nothing Then
Throw New Exception("No session has been established!")
End If
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration;jsessionid=" + sessionId
End Function
Public Function GetURL(ByVal obj As String) As String
If sessionId Is Nothing Then
Throw New Exception("No session has been established!")
End If
CheckServerPort()
Return protocol + "://" + server + ":" + port + "/Services/Integration/" + obj
End Function
Private Function GetLogInURL() As String
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration?command=login"
End Function
Private Function GetLogOffURL() As String
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration?command=logoff"
End Function
Private Sub CheckServerPort()
If server Is Nothing Then
Throw New Exception("Server not specified!")
End If
If port Is Nothing Then
Throw New Exception("Port not specified!")
End If
End Sub
Private Sub CheckUsernamePassword()
If username Is Nothing Then
Throw New Exception("Username not specified!")
End If
If password Is Nothing Then
Throw New Exception("Password not specified!")
End If
End Sub
End Class
__________________________________________ START OF FILE __________________________________________
Regards,
Gerald -
Can anybody telle me the purpose of the number (56) in the following statement:
56 static cookie-value "R355972695" rserver HQCHECOM01Hi Regent,
It does seem to be the line number but it increase by 8 for every entry. Couldn't find anything else for that number.
switch/Admin(config-sticky-cookie)# do sh running-config sticky test
Generating configuration....
sticky http-cookie jsessionid test
8 static cookie-value "R1" rserver r1
16 static cookie-value "R2" rserver r2
24 static cookie-value "R3" rserver r3
32 static cookie-value "R4" rserver r4
40 static cookie-value "R5" rserver r5
48 static cookie-value "R6" rserver r6
56 static cookie-value "R7" rserver r7
Regards,
Kanwal -
HttpSession.getId() vs. encodeURL()
When running a url through encodeURL, the jsession id value that is appended
to the url looks something like:
Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE!1333244284149827329!-10
62731428!7001!7002
However, when obtaining the session id from HttpSession.getId() the session
id looks like:
Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE
I.e., without all the goo past the !.
Since we have a bunch of static urls embedded in xslt stylesheets, I need to
append the session id to the url by hand.
Is is valid to just use the session id obtained from getId() and append that
on? What other information is being added through encodeURL()?
Hi,
I'm using encodeURL on WLS 5.1 sp6, wls produces this url:
There is a pipe "|" character in the URL that crash our Nokia wap gateway (the
pipe char is not compatible with URLsl, as in RFC1738).
How can I make WLS not to put the pipe (and all the other goo after) in the URL
THANKS
"Vinod Mehra" <[email protected]> wrote:
>
>"Jeffrey Winter" <[email protected]> wrote in message
>news:[email protected]...
>>
>> When running a url through encodeURL, the jsession id value that is
>appended
>> to the url looks something like:
>>
>>
>Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE!1333244284149827329!-10
>> 62731428!7001!7002
>>
>> However, when obtaining the session id from HttpSession.getId() the
>session
>> id looks like:
>>
>> Ow5lI6NruJKJ4NRsLoeDdGmBQj2XBh6osot1J1ElBy1Ob2ibdcSE
>>
>> I.e., without all the goo past the !.
>>
>> Since we have a bunch of static urls embedded in xslt stylesheets,
>I need
>to
>> append the session id to the url by hand.
>>
>> Is is valid to just use the session id obtained from getId() and append
>that
>> on?
>
>Yes. Apparently it was broken, but has been fixed. Contact support for
>a
>patch if
>you cannot wait for the next release.
>
>The best way to do is to use response.encodeURL().
>
>>What other information is being added through encodeURL()?
>
>SessionID + Primary/Secodary info (the goo you were talking about).
>
>--Vinod.
>
>
>>
>>
>
> -
Unable to delete JSESSIONID cookie from ADF application
Hi all
I have a ADF application where i am using Logout button with action in managed bean. I want to delete the JSESSIONID cookie after logout.
The logout bean is invalding the session and deleting the cookies. See code below.
However code is not deleting the JSESSIONID cookie. I can see the cookie still exist in browser. Tester can use "back" button of browser and can see the user is still logged in application.
How can delete JESSIONID cookie permanetly after logout action ? Am i missing some thing in code ? I am uing JDeveloper 11.1.1.5.0
Mukesh
=======
public String AfterLogOut_action() {
FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
String url = ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/login.html";
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
// Step 1 : delete the cookies
if (request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
cookie.setMaxAge(0);
cookie.setPath("/");
response.addCookie(cookie);
// Step 2 : Invalidate the session
try {
session.invalidate();
ectx.redirect(url);
} catch (IOException e) {
e.printStackTrace();
fctx.responseComplete();
return null;
==========
Edited by: Mukesh S Patil on May 11, 2013 5:44 PMHi Guys.
Any help ?
Mukesh -
Can anyone provide a means for changing the JSESSIONID cookie name in IWS 6 to something else?
I can not locate a mechanism for doing this anywhere.Thankyou Sultal for the response.
Actually we are migrating the application server from Weblogic5.1 to Sun application server 8.2. The client is a mobile client and it sends the Cookie as 'JSESSIONID=session_id_val&WeblogicSession=session_id_val' as parameters, not as request header.It worked fine for Weblogic5.1 but not in Sun Application Server.
To make it clear :
Weblogic : request.getsession(false) = sessionObj@value
Sun Application Server : request.getsession(false) = null
Sun Application Server : request.getParameter("JSESSIONID") = session_id_val
In the Weblogic5.1 we have set the cookie & session parameters in the weblogic.properties file as:
weblogic.httpd.session.cookies.enable=true
weblogic.httpd.session.cookie.name=WebLogicSession
weblogic.httpd.session.neverReadPostData=false
weblogic.httpd.session.timeoutSecs=120
In case of Sun application server , JSESSIONID is not coming as a cookie , request.getsession(false) is returning null value.Is there a way to initialize the session with JSESSIONID request parameter? -
Disable jsessionid cookie in obiee 11g
Hi All,
How to disable creation of "jsessionid" cookie in a web browser.
is something we can do from weblogic side? Appreciate our help.
Thanks
RamHi All,
How to disable creation of "jsessionid" cookie in a web browser.
is something we can do from weblogic side? Appreciate our help.
Thanks
Ram -
Some 8 months ago, I started saving user options in my cookie; as user changed options, my php code change the cookie value. I work normally with Camino, but verify with Firefox (V. 3). An associate with a newer MacBook Pro, with Firefox V. 5, tried my site and reported that the option change 'did not take'. I tried using my V.3, and everything worked. Realizing that I should be on V. 6, I upgraded today, and myself verified that the 'new' cookie value is NOT being saved. Rather, a second cookie is being created but with WITH NO VALUE. Result: old cookie has old option value; new cookie has no value. I tried also with Safari, and got this same result. So, there must be a way to update a cookie value, just unknown to me. Please advise as to new/proper header(s) to send from my server to change cookie value.
Make sure that the cookies are created for the proper path.
A good place to ask questions and advice about web development is at the mozillaZine Web Development/Standards Evangelism forum.<br />
The helpers at that forum are more knowledgeable about web development issues.<br />
You need to register at the mozillaZine forum site in order to post at that forum.
See http://forums.mozillazine.org/viewforum.php?f=25 -
hi,
when i do, submiting the page i'm able to set the cookie value.I'm not getting any messages. But the Same time when i call the proceudre with parameters from the URL i'm not able to store the cookie value.
It display's the message like this and the value is not stored in the cookies
Content-type: text/html Set-Cookie: emp_no=9999X; path=/;
my code is :
owa_util.mime_header('text/html',FALSE);
owa_cookie.send('emp_no',UPPER(lv_emp_no),null,'/',null,null);
owa_util.http_header_close;
How do i solve this problem?
ThanksHi,
Here are a couple of things you can try:
1) remove the following line because it shouldn't be necessary:
the_cookie.num_vals :=0;2) remove the following line because the owa_cookie.send will automatically replace any existing cookie:
owa_cookie.remove('emp_no',the_cookie.vals(1),null);3) try capturing the cookie value in a local variable and printing it (after htp.body, of course) to see if it is working correctly.
4) enable the browser to prompt you when a cookie is being set so that you can verify whether it is being set or not.
HTH,
Ashesh Parekh
Oracle9iAS Product Management
hi,
Something like this...
Code
PROCEDURE checkLogin ( emp_no in varchar2 default NULL) IS
pv_check_f BOOLEAN ;
the_cookie owa_cookie.cookie;
BEGIN
pv_check_f := FUN_EMP_PASSWORD(UPPER(emp_no) ) ;
IF NOT pv_check_f THEN
v_msg := 'Sorry Log on denied';
RAISE EMP_ERROR;
END IF ;
the_cookie.num_vals :=0;
the_cookie:= owa_cookie.get('emp_no');
if the_cookie.num_vals= 0 then
owa_util.mime_header('text/html',FALSE);
owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
owa_util.http_header_close;
else
owa_util.mime_header('text/html',FALSE);
owa_cookie.remove('emp_no',the_cookie.vals(1),null);
owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
owa_util.http_header_close;
end if;
htp.p('<script language="javascript">
window.location="http://www...URL";
</script>');
htp.formclose;
EXCEPTION
WHEN EMP_ERROR THEN
Pageheader;
Procedurename.Banner('Login denied');
htp.fontOpen('red','Arial Narrow');
htp.header(3,lv_msg);
loginagain;
htp.fontClose;
htp.centeropen;
htp.br;
htp.p('<INPUT type="button" value="Back" onClick="history.back()">');
htp.br;
htp.centerclose;
pagefooter;
END checkLogin;
calling the Procedure "checklogin" with the parameter emp_no from the URL like this
"http://....:8810/dir/Packname.checkLogin?emp_no=9ABCDS".
Waiting for ur replay.
Thanks. -
Create the JSESSIONID cookie with the secure flag
Hello,
I wonder if it is possible, through UCM or Weblogic configurations, to automatically create the JSESSIONID cookie used when a user is logged on with the secure flag?
I have not found any parameters so far that could allow this.
Thanks in advance!We have public Websites running on UCM/SiteStudio which are only accessible through SSL by visitors. The aim is that every cookies should be secure to be sure that they are not transmitted in plain text to our server.
We thus would like to find a way to put the secure flag on JSESSIONID to avoid any case of session hijacking.
Thanks.
Edited by: Leo-G on 17 juil. 2012 23:57
Maybe you are looking for
-
Installed topaz plugins are not showing up in filters
Hi ive installed my topaz plugins but for some reason they are not showing up in my filter drop down like they used to any help on how to get them in to PHOTOSHOP CC would be very grateful
-
Hello I placed a simple embed tag in a page and it always calls for the Apple QuickTime player for what is only an mp3 file. I have (Windoze) configured to use the Windows Media Player for any mp3, but it still uses the QT. This is totally outside of
-
Need help on Calculation Logic in Bex
Dear BW Experts, I am working on Reporting. I have a requirement in my report. Output of the Report : State_________Material_____Total_Closed_Calls____No of Part Consumed Karnataka_____Cell Charger__10_________________2 _____________Battery_______20_
-
I am using oc4j as app server and apache as web server. I read from doc that we need the module mod_ssl for using ssl in apache. (According to http://technet.oracle.com/docs/products/ias/doc_library/1022doc_otn/index.htm) I have searched for this fil
-
Data Warehouse: general info
Hi all!!! I'm new to data warehousing, so DON'T SMILE; I'm reading some general guides concerning data warehousing but I've not understood which is the method to export data from OLTP database to data warehouse... Someone can help me? Thank you very