Difference between revisions of "Avoiding Duplicate Cookies"

Revision as of 09:35, 25 March 2019

The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, might indicate a programming error, and can have unintended consequences. The application sets the JSESSIONID cookie to multiple values within the same response.

Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.

To resolve this issue, open the context.xml file from the <Install directory>/profiles/IS_default/configuration/tomcat/conf folder. Edit the <Context> tag to set it as follows: <Context sessionCookiePath="/">

@@ Line 4: / Line 4: @@
 Browsers will accept only one of these values; typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.
-To resolve this issue, open the context.xml file from the <Install directory>'''/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context? tag as follows:
+To resolve this issue, open the context.xml file from the <Install directory>'''/profiles/IS_default/configuration/tomcat/conf''' folder. Edit the <Context> tag to set it as follows:
 '''<Context sessionCookiePath="/">'''

Search

where to start

Feedback

customize and design

resources

Tools

Personal tools

Difference between revisions of "Avoiding Duplicate Cookies"

Revision as of 09:35, 25 March 2019