Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

configure or Rename JSESSIOID in IIS and TOMCAT configuration.

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HI,

How to configure "JESSIONID" cookie name as i have configured tomcat with IIS 6.0 ???

Requirement : i don't want my client recognize that he browse a java or servelts or asp page by recognizing the [b]cookie[/b]...

Is there any way i can configure or rename "JESSIONID" for the IIS or Tomcat configuration .. please help me ...


Thanks in advance...
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A search of the Tomcat 6 source code reveals that the string constant is only mentioned in a few places, you could edit the source and recompile.

OR
You could write you own session equivalent code with your own Cookie parameters.

Bill
 
Saloon Keeper
Posts: 24540
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

William Brogden wrote:
OR
You could write you own session equivalent code with your own Cookie parameters.

Bill



However since the container-managed security system uses its own cookies anyway, that implies a DIY security system would be required. And do you really want me to rant on that topic again?

Actually, jsessionID isn't the cookie, it's part of the URL rewriting mechanism that's the fallback for people who have [b]disabled[/i] cookies.
 
vinay ravi
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:

William Brogden wrote:
OR
You could write you own session equivalent code with your own Cookie parameters.

Bill



However since the container-managed security system uses its own cookies anyway, that implies a DIY security system would be required. And do you really want me to rant on that topic again?

Actually, jsessionID isn't the cookie, it's part of the URL rewriting mechanism that's the fallback for people who have disabled[/i] cookies.



So.. Tim,

Please help me in [b]removing/Mask/ rename of JSESSIONID for IIS front end and tomcat Back-end configuration.


Requirement : I don't want to see the client that whether it is a JSP page or asp page..
Current Progress : Right now i am able to block the JSESSIONID in the URL even though it is served by web server
by setting the property (Strip_session =1) in registry.


But i can see the JSESSIONID in the Cookie request header.

since from past 1 week i struck with same issue..

Please help me..

Thanks a lot in advance...

 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic