Skip to main content

Questions tagged [jsessionid]

Ask Question

JSESSIONID is the name of the tracking parameter defined by the Java servlet API.

jsessionid
469 questions
Newest Active Bountied Unanswered
0 votes
0 answers
22 views

Spring Boot JSESSIONID cookie is sent even when request is not authorized and returned 403

I'm using Spring Boot version 3.2.1 and have encountered an issue with JSESSIONID cookies. When I make a request that requires authentication, I receive an invalid JSESSIONID cookie. However, a valid ...
Petr Jelínek's user avatar
Petr Jelínek
  • 1,421
0 votes
0 answers
33 views

Spring JSESSIONID Authentication best practices [closed]

I am still a bachelor student and consider myself a junior in some Spring related topics. I have developed several Spring Boot applications and have always used a stateful approach using the ...
Moritzslz's user avatar
Moritzslz
  • 1
0 votes
1 answer
22 views

I can't understand how to send login credentials with JMeter

I need to perform a login test and keep the session active for subsequent requests in JMeter, but by analyzing the code from the browser, I can't understand how to send the login data and what I need ...
Masa's user avatar
Masa
  • 1
0 votes
0 answers
18 views

Render same app in 4 different iframes of browser window each with unique JSESSIONID

A front end react app interacts with a legacy backend via an API gateway between them. It fires two requests - /api/login - where it passes LDAP credentials via API gateway to legacy backend and gets ...
Jacob's user avatar
Jacob
  • 444
0 votes
0 answers
108 views

Need to add partitioned cookie attribute for session cookie set by Tomcat server

I have a web-app-1 that I am loading in an iFrame on a page loaded from web-app-2. Since the JSESSIONID from web-app-1 becomes a third-party cookie for web-app-2, the browser disbars it and the user ...
Pankaj opentext's user avatar
Pankaj opentext
  • 1
0 votes
0 answers
13 views

Is it possible for tomcat 10 to use for the SessionId a UUID-Format instead of the 32-Char String?

We are using tomcat 10 and wanting to have the JSessionId in a UUID-Format Example: Currently: JSESSIONID is something like F3C96ED225C9FC87C7C87BBE670FBEEB Prefered State: f3c96ed2-25c9-fc87-c7c8-...
noircc's user avatar
noircc
  • 640
-1 votes
1 answer
164 views

Handling "secure attribute but was not received via a secure connection" error for session cookies(JSESSIONID) in Spring app with HTTP and HTTPS

I'm encountering an issue with setting the secure attribute for session cookies (JSESSIONID) in a Spring web application deployed on AWS ECS. Here's the scenario: Requirement: Make session cookies ...
unknown's user avatar
unknown
  • 691
0 votes
0 answers
76 views

The vulnerability of Security Misconfiguration (Cookie without Secure Flag) is found

The reported vulnerability of Security Misconfiguration (Cookie without Secure Flag) is found valid is reported by the security team.I am using spring mvc. TO mitigate this security i am trying to ...
sandeep kumar yadav's user avatar
sandeep kumar yadav
  • 1
0 votes
0 answers
46 views

HttpWebRequest not reliably sending cookies

I have a script that interacts with a 3rd party web site. It's been in use for over a decade without issue, until about a week ago. My script hasn't changed, I suspect the 3rd party web site did, ...
Jimmy's user avatar
Jimmy
  • 5,201
0 votes
0 answers
178 views

React fetch 'POST' method does not keep the Spring Boot session CORS

I'm facing a CORS issue which I'm almost sure is on the React client side. My process is: A React client executes a POST fetch to my Spring Boot server (hosted in a VPS) [fetch 1] The request is ...
Clown's user avatar
Clown
  • 291
0 votes
0 answers
29 views

JSESSIONID not received in server Android

I am developing an Android web application. Since cookiesyncmanager is deprecated, I've replaced it with cookieManager for android SDK 32 and above. Because of this reason, server sporadically fails ...
Lucy's user avatar
Lucy
  • 121
1 vote
1 answer
413 views

Get Authentication Object using sessionid in SpringSession

in a springboot application with Basic Authentication I'm trying to authorize requests getting the sessionID from the url in the format ";jsessionid=xxx" I know that that's not a good ...
masty's user avatar
masty
  • 21
0 votes
0 answers
48 views

Unable to generate the JSESSIONID after the authetincation with Shiro security-Session fixation

We have a sample adf application with jdeveloper12.1.3 with shiro security and using glassfih 3.1.2.19 for my webserver. The problem is jsessionid is not changing before and after authentication. We ...
Priya Sedhupandi's user avatar
Priya Sedhupandi
  • 1
0 votes
0 answers
97 views

Cookie not setting when redirecting between same proxy URLs

I have a scenario where we are using Okta for authentication and trying to use Apigee proxy in between to route our requests. What is happening: We start the front-end site Request hits the back-end ...
Rohit's user avatar
Rohit
  • 1,550
0 votes
1 answer
117 views

Unique jsessionid with more than one tomcat

I'm using redisson to store tomcat sessions for distribute request between a couple of servers using a load balancer. I was wondering if there is a chance of collision of session id between the ...
dssof's user avatar
dssof
  • 299

15 30 50 per page
1
2 3 4 5
32