Difference between revisions of "Avoiding Duplicate Cookies"

From AgileApps Support Wiki
imported>Aeric
(Created page with "The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, migh...")
 
imported>Aeric
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
The application sets a cookie with a different value multiple times within the same response. This is not a direct threat  to  the  security  of  the  application;  however, might  indicate  a  programming  error, and can have unintended consequences.
The application sets a cookie with a different path value multiple times with the same response.  
The application sets the following cookie to multiple values within the same response: JSESSIONID.


Browsers will only accept one of these values, typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.  
Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.  


To resolve this issue, open the context.xml file from the '''<Install directory>/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context? tag as follows:
To resolve this issue, open the '''context.xml''' file from the <Install directory>'''/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context> tag to set it as follows:
'''<Context sessionCookiePath="/">'''
'''<Context sessionCookiePath="/">'''

Latest revision as of 09:47, 25 March 2019

The application sets a cookie with a different path value multiple times with the same response.

Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.

To resolve this issue, open the context.xml file from the <Install directory>/profiles/IS_default/configuration/tomcat/conf folder. Edit the <Context> tag to set it as follows: <Context sessionCookiePath="/">