Difference between revisions of "Avoiding Duplicate Cookies"

From AgileApps Support Wiki
Revision as of 09:35, 25 March 2019

The application sets a cookie with a different value multiple times within the same response; specifically, it sets the JSESSIONID cookie to multiple values. This is not a direct threat to the security of the application; however, it might indicate a programming error and can have unintended consequences.

Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.

To resolve this issue, open the context.xml file from the <Install directory>/profiles/IS_default/configuration/tomcat/conf folder. Edit the <Context> tag to set it as follows:

<Context sessionCookiePath="/">
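One way to check a response for the condition described above, for example before and after editing context.xml, is to group its Set-Cookie headers by cookie name. This is an added example, not AgileApps code; the function names, the sample headers, and the cookie values and paths in them are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample response headers (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=AAAA1111; Path=/app; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Set-Cookie: JSESSIONID=BBBB2222; Path=/; HttpOnly\r\n"
    "\r\n"
)

def parse_set_cookies(raw_headers):
    """Return (name, value, attrs) for every Set-Cookie header line."""
    cookies = []
    for line in raw_headers.splitlines()[1:]:    # skip the status line
        if not line.strip():
            break                                # blank line ends the header block
        field, _, content = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        pair, *attr_parts = content.split(";")
        name, _, value = pair.strip().partition("=")
        attrs = {}
        for part in attr_parts:
            key, _, val = part.strip().partition("=")
            if key:
                attrs[key.lower()] = val         # attribute names are case-insensitive
        cookies.append((name, value, attrs))
    return cookies

def find_duplicate_cookies(raw_headers):
    """Map each cookie name set more than once to its [(value, path), ...] in header order."""
    seen = defaultdict(list)
    for name, value, attrs in parse_set_cookies(raw_headers):
        seen[name].append((value, attrs.get("path", "")))
    return {name: sets for name, sets in seen.items() if len(sets) > 1}

if __name__ == "__main__":
    for name, sets in find_duplicate_cookies(SAMPLE_RESPONSE).items():
        print(f"{name} is set {len(sets)} times in one response:")
        for value, path in sets:
            print(f"  value={value!r} path={path!r}")
```

An empty result from find_duplicate_cookies means no cookie name appears in more than one Set-Cookie header of that response.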