jsessionid

I was successfully able to send a POST request for my log in end point and a JSESSIONID was created. I know the JSESSIONID is kept by the HTTP Cookie Manager that I have at the top of my thread because I see it being used on several GET requests I have in my thread. But when I attempt a POST request it does not use the JSESSIONID and creates its own ID. Below are my settings: Protocol: https Method: POST -Use KeppAlive {"json":"params"} Sampler Result: Thread Name: sim test 1-1 Sample Start: 2014-02-18 15:42:42 EST Load time: 95 Latency: 95 Size in bytes: 239 Headers size in bytes: 239 Body

I've searched jquery forum, stackoverflow, google, bing, and even yahoo w/o success. Every 10 sec I'm trying to load a text data from logservlet servlet via this JQuery snippet: <script type="text/javascript" src="http://code.jquery.com/jquery-1.7.2.min.js"></script> <script type="text/javascript"> var autorefresh = setInterval(function () { $.ajax({ url : "logservlet?devkey=chat", success : function(data) { $("#log_ta").append(data); } }); }, 10000); </script> The problem is, on a server side I don't see a valid session where I try to track the session attributes. The problem seems to be

Because of some security reasons I deceided to disable session tracking by jsessionid in URL. Before I changed my web.xml to the one below, I had on the first time I visited the page a jsessionid in the url, after clicking the first link, it never appeared again. My web.xml looks like <session-config> <session-timeout>10</session-timeout> <cookie-config> <secure>true</secure> </cookie-config> <tracking-mode>COOKIE</tracking-mode> </session-config> Now I have the jsessionid in the URL, if I click another link on the page it never disappears. It changes on every click. If I try to invoke a JSF

Following problem with chrome...: I've running an Grails 1.3.7 Application on a Server. I've noticed, when I request a static content (such as non-dynamic html-files) from Chrome, Chrome creates two JSESSIONID-Cookies. The first one when the login-window shows up, and the second after a successfull login. If I want to refresh the page, or request another resource, I've to login again. (I think because Tomcat doesn't understand those two cookies) I've tried it with FF, but FF just just creates one Cookie and its working perfectly. Also, I've ran the app locally, and it works even with chrome

We need to ensure that all cookies on a CF7 site are set as HttpOnly. We are using jsessionid to control our sessions, and JRun does not create this as HttpOnly. Whilst it is possible to modify an existing cookie to add this setting, we need to have it set to HttpOnly from the start. Any suggestions? Related Question: Setting Secure flag for HTTPS cookies. Salazar Mubarak From: http://www.petefreitag.com/item/764.cfm Running CF 8 or Lower and using Application.cfc <cfcomponent> <cfset this.sessionmanagement = true> <cfset this.setclientcookies = false> <cffunction name="onSessionStart">

I'm looking for a plain English, "for dummies" explanation of how does JSESSIONID work from security aspects Can someone who merely knows my current JSESSIONID impersonate / hijack my session? In what scenarios JSESSIONID will be part of the URL, and is this OWASP #2 security risk (scenario #1) still relevant for latest versions of Tomcat / Glassfish, and if so, what to "turn off/on" to prevent it? Q: Can someone who merely knows my current JSESSIONID impersonate / hijack my session? A: Yes. That's why it is important that your site is careful with cookies. Indeed, if you are worried about