WebCentre Content usage of JSESSIONID cookie

Hi
We have an issue in our implementation where Webspehere and Weblogic compete on WebSeal for the same cookie name JSESSIONID (It actually looks more like it is Websphere and WebCentre Content that is competing for the JSESSIONID cookie since WebLogic seems to use ADMINCONSOLESESSION cookie). This results in unexpected behaviour in applications running within Websphere. We have confirmed that the issue is caused by a cookie preservation setting in WebSeal but we need this setting enabled for Oracle WebCentre Content and Autovue to work together.
I am not sure if the following will work but I am thinking of changing WebCentre Content to use another cookie rather than JSESSIONID by explicitly adding a WEB-INF folder and use a weblogic.xml file to change the cookie-name.
Anyone done this before or do you guys have any ideas on implications or options?
Regards

Hi EbodaWill,
File daycare for fp 2324 where in you can configure & allow you to increase the request header size and avoid the bad request error OR for a package that improves client side persistence & does not use cookies.
Thanks,
Sham

Similar Messages

Unable to recreate JSESSIONID cookie in Internet Explorer

Hello All,
(Running CF Version: 9,0,0,251028,   Windows 2008 Server, IIS-7)
I am using the code below to expire the JSESSIONID cookie that is generated by CF because CF does not set the "HTTPOnly" and "Secure" cookie attributes by default when the JSESSIONID is initially created . I am then recreating the JSESSIONID cookie with the required attributes.
This works great for all browsers EXCEPT Internet Explorer!
When the code below runs in Internet Explorer, the JSESSIONID cookie does become expired as it should as seen in the 1st line of the function below. However, The script after that fails to recreate the JSESSIONID in Internet Explorer. this is driving me nuts because it works like a charm in ALL other browsers.
I am aware of the solution which involves setting these attributes in an xml configuration file on the CF server. However that solution is not an option for me. I am forced to use the method below to setup my secure/httponly JSESSIONID cookie. Any ideas would be greatly appreciated!!!
<cffunction name="OnSessionStart" output="false" access="public" description="I fix the sessionid">
         <cfcookie name="JSESSIONID" expires="now"/>
       <cfscript>
          var.HTTPOnly = "HTTPOnly";
          var.domain = cgi.server_name;
          var.path = "/";
          var.secure = "Secure;";
          var.response = getPageContext().getResponse();
          var.header = "JSESSIONID" & "=" & session.sessionid & ";domain=." & var.domain & ";path=" & var.path & ";" & var.secure & var.HTTPOnly;
          var.response.setHeader("SET-COOKIE", var.header);
        </cfscript>
        <cfreturn />
</cffunction>

Below is the responseHeader dump (from IE9).
Looks the exact same in FireFox and Chrome. However, a cfdump of the cookie scope will reveal (JSESSIONID=), nothing, zip, zilch, nada in IE9. Since the JSESSIONID cookie value is empty or null, a login attempt will result in a flash of the screen and the user is never logged in.
While a cfdump of Firefox and Chrome happily display a valid JSESSIONID cookie value and allow users to login to my application just fine.
(Note: The secure attribute is intentionally turned off due to my non-ssl dev pc.)
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
text/html; charset=UTF-8
Date
Sat, 10 Sep 2011 19:35:08 GMT
Explanation
OK
Http_Version
HTTP/1.0
SET-COOKIE
struct
1
JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;domain=.localhost;path=/;HTTPOnly
2
JSESSIONID=843032102a51ca7bfa0f60831221c8642e45;path=/
3
JSESSIONID=;expires=Fri, 10-Sep-2010 19:35:08 GMT;path=/
Server
JRun Web Server
Status_Code
200
X-Frame-Options
deny
X-XSS-Protection
1; mode=block
expires
{ts '2011-09-10 15:35:08'}
pragma
no-cache
Thanks for the help!
Neil

Disable jsessionid cookie in obiee 11g

Hi All,
How to disable creation of "jsessionid" cookie in a web browser.
is something we can do from weblogic side? Appreciate our help.
Thanks
Ram

Hi All,
How to disable creation of "jsessionid" cookie in a web browser.
is something we can do from weblogic side? Appreciate our help.
Thanks
Ram

Create the JSESSIONID cookie with the secure flag

Hello,
I wonder if it is possible, through UCM or Weblogic configurations, to automatically create the JSESSIONID cookie used when a user is logged on with the secure flag?
I have not found any parameters so far that could allow this.
Thanks in advance!

We have public Websites running on UCM/SiteStudio which are only accessible through SSL by visitors. The aim is that every cookies should be secure to be sure that they are not transmitted in plain text to our server.
We thus would like to find a way to put the secure flag on JSESSIONID to avoid any case of session hijacking.
Thanks.
Edited by: Leo-G on 17 juil. 2012 23:57

No JSESSIONID cookie found in log-in response

The below code keeps throwing the "No JSESSIONID cookie found in log-in response"
Public Sub Establish()
If Not sessionId Is Nothing Then
Destroy()
End If
CheckUsernamePassword()
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogInURL())
req.Headers.Add("UserName", username)
req.Headers.Add("Password", password)
req.CookieContainer = New CookieContainer
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode = System.Net.HttpStatusCode.OK Then
cookie = resp.Cookies("JSESSIONID")
If cookie Is Nothing Then
Throw New Exception("No JSESSIONID cookie found in log-in response!")
End If
sessionId = cookie.Value
End If
End Sub
Any help on what I can do for this would be appreciated. Thanks.

Hi,
a VB Class for managing Session..
__________________________________________ START OF FILE __________________________________________
Imports System
Imports System.Net
Imports System.Web.Services.Protocols
Public Class Session
Public protocol As String = "https"
Public server As String
Public port As String = "443"
Public username As String
Public password As String
Public sessionId As String = Nothing
Public cookie As cookie
Public Sub Establish()
If Not sessionId Is Nothing Then
Destroy()
End If
'Check that username and password have been specified
CheckUsernamePassword()
' create a container for an HTTP request
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogInURL())
'username and password are passed as HTTP headers
req.Headers.Add("UserName", username)
req.Headers.Add("Password", password)
'req.Headers.Add("Proxy", "proxy")
'req.Headers.Add("Port", "80")
' cookie container has to be added to request in order to
' retrieve the cookie from the response.
req.CookieContainer = New CookieContainer
' make the HTTP call
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode = System.Net.HttpStatusCode.OK Then
'store cookie for later...
cookie = resp.Cookies("JSESSIONID")
If cookie Is Nothing Then
Throw New Exception("No JSESSIONID cookie found in log-in response!")
End If
sessionId = cookie.Value
End If
End Sub
Public Sub Destroy()
' create a container for an HTTP request
Dim req As HttpWebRequest
req = WebRequest.Create(GetLogOffURL())
' reuse the cookie that was received at Login
req.CookieContainer = New CookieContainer
req.CookieContainer.Add(cookie)
' make the HTTP call
Dim resp As HttpWebResponse
resp = req.GetResponse()
If resp.StatusCode <> System.Net.HttpStatusCode.OK Then
Throw New Exception("Logging off failed!")
End If
' forget current session id
sessionId = Nothing
End Sub
Public Function GetURL() As String
If sessionId Is Nothing Then
Throw New Exception("No session has been established!")
End If
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration;jsessionid=" + sessionId
End Function
Public Function GetURL(ByVal obj As String) As String
If sessionId Is Nothing Then
Throw New Exception("No session has been established!")
End If
CheckServerPort()
Return protocol + "://" + server + ":" + port + "/Services/Integration/" + obj
End Function
Private Function GetLogInURL() As String
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration?command=login"
End Function
Private Function GetLogOffURL() As String
CheckServerPort()
Return protocol + "://" + server + "/Services/Integration?command=logoff"
End Function
Private Sub CheckServerPort()
If server Is Nothing Then
Throw New Exception("Server not specified!")
End If
If port Is Nothing Then
Throw New Exception("Port not specified!")
End If
End Sub
Private Sub CheckUsernamePassword()
If username Is Nothing Then
Throw New Exception("Username not specified!")
End If
If password Is Nothing Then
Throw New Exception("Password not specified!")
End If
End Sub
End Class
__________________________________________ START OF FILE __________________________________________
Regards,
Gerald

WAS4 HttpSession.getId() != JSESSIONID cookie value

Question: Should the session identifier value assigned to the JSESSIONID cookie by the servlet container be the exact same value returned by calling HttpSession.getId()?
IBM's WebSphere Application Server (AEs) Version 4.0.x (WAS4) does not return the same value. The session identifier value assigned to the JSESSIONID cookie is 27 characters long, but the value returned by HttpSession.getId() only returns 23 characters. More precisely it is the last 23 characters of the 27 character value assigned to the JSESSIONID cookie.
WAS4 is supposed to support Sun's Java Servlet Specification Version 2.2. In my opinion, it does not fully 100% support this specification because of what I just stated above.
I would like to hear the Java Servlet Developer Community's opinion on this. Especially you Java Servlet Specification people and Sun.
Here is the API documentation for HttpSession.getId().
===================================
getId()
public java.lang.String getId()
Returns a string containing the unique identifier assigned to this session. The identifier is assigned by the servlet container and is implementation dependent.
Returns: a string specifying the identifier assigned to this session
===================================
Full HttpSession API documentation found at: http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/HttpSession.html
Sun's Java Servlet Specification V2.2 documentation:
ftp://ftp.java.sun.com/pub/servlet/22final-182874/servlet2_2-spec.pdf

UPDATE: The value of the JSESSIONID cookie is not 27 characters long, its 30 characters long. the lenght of the value returned by HttpSession.getId() is still only 23 characters long. IBM has inserted 4 characters in the front and 3 characters in the back.
30 != 23

Weblogic 10.3 secure jsessionid cookie

Hi,
I am running my application on weblogic 10.3 app server. And my application is running on both HTTP and HTTPS. My questions is around the JSESSIONID cookie that App server generates and send to client. By default this cookie is non-secure, even if application runs on HTTPS. I want to know, how can Weblogic App Server create a new JSESSIONID cookie which is secure, when application moves from HTTP to HTTPS? My requirement is to run the application on secure JSESSIONID cookie when we use HTTPS.
How can i achieve it? It's kind of critical to me.
Any help is highly appreciated.

I tried setting up the secure cookie by modifying the config.xml.
But my app server is shutting down forcefully by throwing this message.
<Aug 28, 2009 1:05:18 PM GMT+05:30> <Error> <Management> <BEA-141244> <Schema va
lidation errors while parsing D:\bea\user_projects\domains\zendough\config\confi
g.xml - Expected elements 'weblogic-plugin-enabled@http://www.bea.com/ns/weblogi
c/920/domain hosts-migratable-services@http://www.bea.com/ns/weblogic/920/domain
http-trace-support-enabled@http://www.bea.com/ns/weblogic/920/domain key-stores
@http://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-file-name@h
ttp://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-type@http://w
ww.bea.com/ns/weblogic/920/domain custom-identity-key-store-pass-phrase-encrypte
d@http://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-file-name@htt
p://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-type@http://www.be
a.com/ns/weblogic/920/domain custom-trust-key-store-pass-phrase-encrypted@http:/
/www.bea.com/ns/weblogic/920/domain java-standard-trust-key-store-pass-phrase-en
crypted@http://www.bea.com/ns/weblogic/920/domain reliable-delivery-policy@http:
//www.bea.com/ns/weblogic/920/domain message-id-prefix-enabled@http://www.bea.co
m/ns/weblogic/920/domain default-file-store@http://www.bea.com/ns/weblogic/920/d
omain candidate-machine@http://www.bea.com/ns/weblogic/920/domain overload-prote
ction@http://www.bea.com/ns/weblogic/920/domain jdbcllr-table-name@http://www.be
a.com/ns/weblogic/920/domain jdbcllr-table-xid-column-size@http://www.bea.com/ns
/weblogic/920/domain jdbcllr-table-pool-column-size@http://www.bea.com/ns/weblog
ic/920/domain jdbcllr-table-record-column-size@http://www.bea.com/ns/weblogic/92
0/domain jdbc-login-timeout-seconds@http://www.bea.com/ns/weblogic/920/domain se
rver-diagnostic-config@http://www.bea.com/ns/weblogic/920/domain auto-jdbc-conne
ction-close@http://www.bea.com/ns/weblogic/920/domain supported-protocol@http://
www.bea.com/ns/weblogic/920/domain federation-services@http://www.bea.com/ns/web
logic/920/domain single-sign-on-services@http://www.bea.com/ns/weblogic/920/doma
in web-service@http://www.bea.com/ns/weblogic/920/domain nm-socket-create-timeou
t-in-millis@http://www.bea.com/ns/weblogic/920/domain' instead of 'web-server@ht
tp://www.bea.com/ns/weblogic/920/domain' here in element server@http://www.bea.c
om/ns/weblogic/920/domain>
Here is my config.xml
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
<name>zendough</name>
<domain-version>10.3.0.0</domain-version>
<security-configuration>
<name>zendough</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>uuuuuu</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>kkkkk</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<ssl>
<enabled>true</enabled>
</ssl>
<listen-port>7001</listen-port>
<listen-port-enabled>true</listen-port-enabled>
<listen-address></listen-address>
<java-compiler>javac</java-compiler>
<client-cert-proxy-enabled>false</client-cert-proxy-enabled>
<web-server>
<auth-cookie-enabled>true</auth-cookie-enabled>
</web-server>
</server>
<embedded-ldap>
<name>ttttt</name>
<credential-encrypted>yyyyy</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.0.0</configuration-version>
<app-deployment>
<name>hybrisplatform</name>
<target>AdminServer</target>
<module-type>ear</module-type>
<source-path>xxxxx</source-path>
<deployment-order>100</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>stage</staging-mode>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
</domain>

Setting Secure and HttpOnly flags in JSESSIONID cookie

I have a web app hosted on WebLogic (8.1 I'm afraid!), and want to secure the JSESSIONID cookie by setting the Secure and HttpOnly flags on it. The intention is to prevent cookie theft.
As regards the Secure flag, I've tried using the myCookie.setSecure(true) method. This works fine when I debug and step through the code , but by the time the cookie gets back to the client, it has been reset to false again (I'm not clear what by though...).
There isn't a Cookie method to allow you to set HttpOnly.
I've thought of using a filter to intercept the response and set the flags explicitly, but this seems like a lot of work for something that seems very simple. I can't find anything in the WebLogic documentation that allows me to configure the settings either.
Does anyone have any bright ideas about how I can do this?
Thanks
Geoff

I don't think there is HTTPOnly support for WebLogic 8.1 or other versions.
May be you want to send a note to WebLogic support to find out of they are planning this feature in future ?
Jayesh
Yagna Sys

Share JSESSIONID cookie between 2 contexts

Hi all,
I am trying to share the JSESSIONID cookie between 2 contexts on the same virtual server.
www.evador.ca/a and www.evador.ca/b
I tried to put the following in my sun-web.xml:
<session-config>
<cookie-properties>
<property name="cookieDomain" value=".evador.ca";>
<description>The domain for which the cookie is valid.</description>
</property>
<property name="cookiePath" value="/" />
</cookie-properties>
</session-config>
With Firefox I can look at the cookies created. There is only one JSESSIONID with path / and domain .evador.ca. But even with these encouraging info I cannot see the cookie in both contexts...
I have an another cookie for localization purposes (That I create my self) called lang and believe it or not this works:
langCookie.setMaxAge(Integer.MAX_VALUE);
langCookie.setPath("/");
langCookie.setDomain(domainName);
response.addCookie(langCookie);
What am I doing wrong?
Thank you,
Luc
Edited by: lucbard on Dec 7, 2007 2:55 PM

Servlet specification mentions:
SRV.7.3 Session Scope
HttpSession objects must be scoped at the application (or servlet context) level.
The underlying mechanism, such as the cookie used to establish the session, can be
the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
You cannot share a cookie between 2 contexts.

Setting cookie path for JSESSIONID cookie for admin console

          We've run into a strange problem with the JSESSIONID cookie created for the weblogic
          console application clashing with the JSESSIONID cookie created for our application.
          We've set the path to application JSESSIONID cookie but have been unable to set
          the cookie path for the console application JSESSIONID cookie.
          Anyone know how to do this?
          Thanks,
          Mark


Create a JAAS Authentication Entry in the Server configuration.
This should then appear in the drop-down when specifying your DataSource.

Unable to delete JSESSIONID cookie from ADF application

Hi all
I have a ADF application where i am using Logout button with action in managed bean. I want to delete the JSESSIONID cookie after logout.
The logout bean is invalding the session and deleting the cookies. See code below.
However code is not deleting the JSESSIONID cookie. I can see the cookie still exist in browser. Tester can use "back" button of browser and can see the user is still logged in application.
How can delete JESSIONID cookie permanetly after logout action ? Am i missing some thing in code ? I am uing JDeveloper 11.1.1.5.0
Mukesh
=======
public String AfterLogOut_action() {
FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
String url = ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/login.html";
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
// Step 1 : delete the cookies
if (request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
cookie.setMaxAge(0);
cookie.setPath("/");
response.addCookie(cookie);
// Step 2 : Invalidate the session
try {
session.invalidate();
ectx.redirect(url);
} catch (IOException e) {
e.printStackTrace();
fctx.responseComplete();
return null;
==========
Edited by: Mukesh S Patil on May 11, 2013 5:44 PM

Hi Guys.
Any help ?
Mukesh

Change JSESSIONID Cookie Name

Can anyone provide a means for changing the JSESSIONID cookie name in IWS 6 to something else?
I can not locate a mechanism for doing this anywhere.

Thankyou Sultal for the response.
Actually we are migrating the application server from Weblogic5.1 to Sun application server 8.2. The client is a mobile client and it sends the Cookie as 'JSESSIONID=session_id_val&WeblogicSession=session_id_val' as parameters, not as request header.It worked fine for Weblogic5.1 but not in Sun Application Server.
To make it clear :
Weblogic           :     request.getsession(false) = sessionObj@value
Sun Application Server      :     request.getsession(false) = null
Sun Application Server      :     request.getParameter("JSESSIONID") = session_id_val
In the Weblogic5.1 we have set the cookie & session parameters in the weblogic.properties file as:
weblogic.httpd.session.cookies.enable=true
weblogic.httpd.session.cookie.name=WebLogicSession
weblogic.httpd.session.neverReadPostData=false
weblogic.httpd.session.timeoutSecs=120
In case of Sun application server , JSESSIONID is not coming as a cookie , request.getsession(false) is returning null value.Is there a way to initialize the session with JSESSIONID request parameter?

Apache ProxyPass and JSESSIONID cookie

Is there any way that i can force the path that tomcat sets to the JSESSIONID cookie?
I need the path to be "/" and Tomcat sets it to "/webappName".
Thanks in advance

As far as I know, you cannot because the cookie is what Tomcat uses to reference SessionData. According to the J2EE spec, Servlet contexts cannot be shared, so the cookies are written with that restriction in mind.

Jsessionid cookie value being reused?

All,
I'm experiencing a session cookie problem when two apps reside on the same server, but different ports.
Suppose I have two browser windows which are different threads under the same process, such as tabs in Mozilla Firefox or a 'parent' and 'child' IE window. If I open two tabs, and navigate to http://myserver:7300/app1 in the first, and http://myserver:7400/app2 in the next, the browser appears to reuse the JSESSIONID value sent from the server in window 1. The headers show:
Window 1:
Request: GET /myapp1/login.do HTTP/1.1 (...)
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045; path=/
Window 2:
Request: GET /myapp1/login.do HTTP/1.1 (...)
Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSi212dTTrbYATSSyDfGNmiwC0PNKiGJ7gN0zslyHxSpXTJOsVB!-1687983613; path=/
In the second window the server clearly sends a separate session id, but the browser sends back the cookie received in the first window. This has the effect of preventing the user from using both apps at once in a tabbed browser. The server gets the sessions confused and they get booted out of the first app when they log in to the seond.
Has anyone else seen a similar situation?
Thanks for your help,
Brian

I have this problem in login (using session cookie) between two apps with IE. With Firefox it works fine.
I have two apps, like:
- A: http://this.app.com
- and for testing and education B: http://edu.this.app.com
The problem occurs when I first login to app A and then try to login to app B in same IE-window.
Login to A works ok, but when I login in B, once created session disapperas at followed request.
It seems to happen that when B asks session cookie from IE, IE returns both A's and B's session cookies.
At B request.getSession(false) apparently returns null because it tries to use A's session cookie or being two JSESSIONID session cookies..
When first login to B, there are no problems.
Am I right? Is there any way to use B's session cookie except changing this.app.com to use.this.app.com?

Jsessionid-cookie in Firefox 3

We have an application written in Flex which communicates
with a stateful web-service. We don't do anything to remember the
jsessionid, Flex uses the browser to manage it. Usually this is
done with cookies. When I disable cookies, there must be a
fall-back-strategy: in the Internet Explorer (7) and in the
standalone Flashplayer our application works fine. Firefox 3
without cookies doesn't keep the jsessionid, so our application
does not work at all. Is that a bug in den Firefox-Plugin or do we
have to do something different?

Firefox 3.6.6 uses the new OOPP technology (see [[What is plugin-container]] ), please contact the developers of this addon to fix this issue.

WebCentre Content usage of JSESSIONID cookie

Similar Messages

Maybe you are looking for