The steps I want to take are: Start the Cypress test-suite and use cy.setCookie to set the JSESSIONID cookie (already acquired and up-to-date) After the cookie is set, then use cy.visit to access ...

My web app is running in Tomcat at http://localhost:8080/example.com/ but it is being reverse proxied from Apache that is serving up http://example.com/ on port 80. My web app looks at the request....

Recently, we have upgraded our application server from JBoss EAP6.2 to EAP7.0. Even though it runs non-HA profile aka standalone.xml, JBoss adds jboss.node.name at the end of JSESSIONID cookie. ...

I have a spring boot API hosted at Heroku and when I try to access it via a Angular app in Google Chrome (In Firefox it works fine) I'm facing the following problem: It seems that the JSESSIONID c...

Is it possible to turnoff jsessionid in the url in tomcat? the jsessionid seems not too search engine friendly.

Is it possible to set Same-site Cookie flag in Spring Security? And if not, is it on a roadmap to add support, please? There is already support in some browsers (i.e. Chrome).

I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the...

I tried to rename JSESSIONID as below in web.xml, but seems like sometimes I do see the default name in the logs(I am logging in a filter in case default name is given), any idea?, I am using spri...

I am trying to set samesite none; secure for my jsessionid cookie from java filter . I have added this in response set cookie header.After this change the request cookie jsessionId is same . In the...

I want to set 'secure' flag to JSESSIONID cookie . Is there a configuration in tomcat 6 for this ? I tried by setting 'secure="true"' in 'Connector' (8080) element of server.xml , but it creates p...

I'm writing a VBA web service client in Excel 2010 using MSXML2.XMLHTTP60 for my Java REST web services hosted on Tomcat 8.5.5. In VBA, I want to snag the string JSESSIONID=E4E7666024C56427645D65B...

I'm currently working on a project where we want the user to sign in via Facebook and other OAuth2 providers. Furthermore the REST api should be stateless. Therefore no cookies/jsessionids should b...

I'm trying to manage sessions in Spring Security without leveraging cookies. The reasoning is - our application is displayed within an iframe from another domain, we need to manage sessions in our ...

I want to configure my servlet context, such as setting a custom jsessionId key (see Changing cookie JSESSIONID name) I believe I can use the SpringBootServletInitializer when running a WAR file, ...

In Tomcat, we can do it like this: <Context useHttpOnly="true" sessionCookiePath="/"sessionCookieDomain=".XXXX.com"/> I want to share the cookie for second level domain with Spring Boot, h...

A product I work on got a tough security audit by a potential customer and they are upset that Tomcat sets a JSESSIONID cookie before authentication has happened. That is, Tomcat sets this cookie w...

I have created an login page in servlet using Google Datastore, it is working fine. but sometimes its showing the JSESSIONID in the URL. How can I prevent the JSESSIONID sending through the ...

Yes, this is another "JSESSIONID in URL" question, but I haven't been able to find an answer. I'm running JBoss AS 7.1.1 Final and this is my web.xml: <web-app version="3.0" xmlns="http://java...

Am trying to figure out how to provide zero-downtime rolling updates of a webapp that has long-lived interactive user sessions that should be sticky, based on a JSESSIONID cookie. For this (and ot...

We have build a Cloud Foundry app using Liberty for Java. When testing the app we found that the SSL cookie did not have the secure flag set. Issue: The JSESSIONID did not have the Secure flag set...

In our project we are using weblogic server. If I try to login into our application i.e on machine A, a JsessionId is generated after I logged in. Now, if I use this same JsessionId on another ma...

I am not able to understand what's going on. On one of the env. of my webapp (written using ExtJS 4.0) - I see the login request successfully completes but subsequent request fails with 401. When...

I am using the following code for logging out a user off my system. /** * This function helps to set the session attribute for the present user to null and then * removes the attribute itself an...

While implementing the "remember me" feature for a website, why do we complicate things and have a token called remember me token apart from a session token. To the best of my understanding, remem...

I am facing a problem in jsf web application deployed in jetty web-server. When access application in browser, jsessionID is appended in the url. I want to remove it from there. Thanks in advance....