Questions tagged [jsessionid]
JSESSIONID is the name of the tracking parameter defined by the Java servlet API.
jsessionid
469
questions
0
votes
0
answers
22
views
Spring Boot JSESSIONID cookie is sent even when request is not authorized and returned 403
I'm using Spring Boot version 3.2.1 and have encountered an issue with JSESSIONID cookies.
When I make a request that requires authentication, I receive an invalid JSESSIONID cookie. However, a valid ...
0
votes
0
answers
33
views
Spring JSESSIONID Authentication best practices [closed]
I am still a bachelor student and consider myself a junior in some Spring related topics.
I have developed several Spring Boot applications and have always used a stateful approach using the ...
0
votes
1
answer
22
views
I can't understand how to send login credentials with JMeter
I need to perform a login test and keep the session active for subsequent requests in JMeter, but by analyzing the code from the browser, I can't understand how to send the login data and what I need ...
0
votes
0
answers
18
views
Render same app in 4 different iframes of browser window each with unique JSESSIONID
A front end react app interacts with a legacy backend via an API gateway between them. It fires two requests -
/api/login - where it passes LDAP credentials via API gateway to legacy backend and gets ...
0
votes
0
answers
108
views
Need to add partitioned cookie attribute for session cookie set by Tomcat server
I have a web-app-1 that I am loading in an iFrame on a page loaded from web-app-2.
Since the JSESSIONID from web-app-1 becomes a third-party cookie for web-app-2, the browser disbars it and the user ...
0
votes
0
answers
13
views
Is it possible for tomcat 10 to use for the SessionId a UUID-Format instead of the 32-Char String?
We are using tomcat 10 and wanting to have the JSessionId in a UUID-Format
Example:
Currently: JSESSIONID is something like F3C96ED225C9FC87C7C87BBE670FBEEB
Prefered State: f3c96ed2-25c9-fc87-c7c8-...
-1
votes
1
answer
164
views
Handling "secure attribute but was not received via a secure connection" error for session cookies(JSESSIONID) in Spring app with HTTP and HTTPS
I'm encountering an issue with setting the secure attribute for session cookies (JSESSIONID) in a Spring web application deployed on AWS ECS.
Here's the scenario:
Requirement: Make session cookies ...
0
votes
0
answers
76
views
The vulnerability of Security Misconfiguration (Cookie without Secure Flag) is found
The reported vulnerability of Security Misconfiguration (Cookie without Secure Flag) is found valid is reported by the security team.I am using spring mvc. TO mitigate this security i am trying to ...
0
votes
0
answers
46
views
HttpWebRequest not reliably sending cookies
I have a script that interacts with a 3rd party web site. It's been in use for over a decade without issue, until about a week ago. My script hasn't changed, I suspect the 3rd party web site did, ...
0
votes
0
answers
178
views
React fetch 'POST' method does not keep the Spring Boot session CORS
I'm facing a CORS issue which I'm almost sure is on the React client side.
My process is:
A React client executes a POST fetch to my Spring Boot server (hosted in a VPS) [fetch 1]
The request is ...
0
votes
0
answers
29
views
JSESSIONID not received in server Android
I am developing an Android web application. Since cookiesyncmanager is deprecated, I've replaced it with cookieManager for android SDK 32 and above.
Because of this reason, server sporadically fails ...
1
vote
1
answer
413
views
Get Authentication Object using sessionid in SpringSession
in a springboot application with Basic Authentication I'm trying to authorize requests getting the sessionID from the url in the format ";jsessionid=xxx"
I know that that's not a good ...
0
votes
0
answers
48
views
Unable to generate the JSESSIONID after the authetincation with Shiro security-Session fixation
We have a sample adf application with jdeveloper12.1.3 with shiro security and using glassfih 3.1.2.19 for my webserver. The problem is jsessionid is not changing before and after authentication. We ...
0
votes
0
answers
97
views
Cookie not setting when redirecting between same proxy URLs
I have a scenario where we are using Okta for authentication and trying to use Apigee proxy in between to route our requests.
What is happening:
We start the front-end site
Request hits the back-end ...
0
votes
1
answer
117
views
Unique jsessionid with more than one tomcat
I'm using redisson to store tomcat sessions for distribute request between a couple of servers using a load balancer.
I was wondering if there is a chance of collision of session id between the ...