Difference between revisions of "Avoiding Duplicate Cookies"

From AgileApps Support Wiki
imported>Aeric
(Created page with "The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, migh...")
 
imported>Aeric
Line 1: Line 1:
The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, might indicate a programming error, and can have unintended consequences.  
The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, might indicate a programming error, and can have unintended consequences.  
The application sets the following cookie to multiple values within the same response: JSESSIONID.
The application sets the '''JSESSIONID''' cookie to multiple values within the same response.


Browsers will only accept one of these values, typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.  
Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.  


To resolve this issue, open the context.xml file from the '''<Install directory>/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context? tag as follows:
To resolve this issue, open the context.xml file from the <Install directory>'''/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context? tag as follows:
'''<Context sessionCookiePath="/">'''
'''<Context sessionCookiePath="/">'''
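Review bot: the new revision's instruction line still reads "Edit the <Context? tag"; the "?" is a typo for ">" and should be corrected to "<Context> tag" so readers look for the right element in context.xml. In the first paragraph, which is the same in both revisions, "however, might indicate" is missing its subject ("however, it might indicate"). The bold markup in the new path line now starts after "<Install directory>", which is fine as long as the placeholder is meant to be unstyled.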

Revision as of 09:34, 25 March 2019

The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, it might indicate a programming error and can have unintended consequences. The application sets the JSESSIONID cookie to multiple values within the same response.

Browsers will accept only one of these values, typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured not to return multiple “Set-Cookie” HTTP headers with the same name in the same response.

To resolve this issue, open the context.xml file from the <Install directory>/profiles/IS_default/configuration/tomcat/conf folder. Edit the <Context> tag as follows:

<Context sessionCookiePath="/">
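
One way to check a response for this condition, before and after the context.xml change (an added example, not part of the original wiki page; the sample response, its cookie values and its paths are constructed for illustration):

```python
from collections import defaultdict

# Constructed sample response head (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=AAAA1111; Path=/app; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Set-Cookie: JSESSIONID=BBBB2222; Path=/; HttpOnly\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, path)."""
    pair, *attrs = [part.strip() for part in value.split(";")]
    name, _, cookie_value = pair.partition("=")
    path = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "path":
            path = val.strip()
    return name.strip(), cookie_value.strip(), path


def duplicate_cookies(raw_response):
    """Return {cookie-name: [(value, path), ...]} for names set more than once."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    seen = defaultdict(list)
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, cookie_value, path = parse_set_cookie(value)
            seen[name].append((cookie_value, path))
    return {name: sets for name, sets in seen.items() if len(sets) > 1}


if __name__ == "__main__":
    for name, sets in duplicate_cookies(SAMPLE_RESPONSE).items():
        print(f"{name} is set {len(sets)} times in one response:")
        for cookie_value, path in sets:
            print(f"  value={cookie_value!r} path={path!r}")
```

An empty result means no cookie name is repeated in the response; listing the Path attribute alongside each value shows how the repeated headers differ.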