
Session

 
Suleman Kandagal
Greenhorn
Posts: 13
Hello Sir...
I'm using JSP and Servlets in my application.
I need help to manually set my own ID for the session, i.e. JSESSIONID, so that I do not accept externally created sessions in my application...
Please provide help, tutorials and URLs...
 
Paul Sturrock
Bartender
Posts: 10336
Why do you need to subvert this behaviour? Are you in some sort of environment that does not pass the JSESSIONID (e.g. a load balancer)?
 
Suleman Kandagal
Greenhorn
Posts: 13
Thanks for your response.
Following is the reason for which I have to set a JSESSIONID of my own.
ERROR
The same request was sent twice in different sessions and the same response was received.
This shows that none of the parameters are dynamic (session identifiers are sent only in
cookies) and therefore that the application is vulnerable to this issue.

Remediation
Do not accept externally created session
identifiers (Low) - Session Identifier Not Updated

Please provide some help as early as possible...
Thanking you...
 
Paul Sturrock
Bartender
Posts: 10336
I'm not sure I understand that error. I can't think what identifies a request as the same request, and why this is an issue. I might just be being thick though. What is generating it?
 
Suleman Kandagal
Greenhorn
Posts: 13
My application was tested in IBM AppScan; after testing, it has shown these modifications... These security issues and vulnerabilities I have to handle, so...
 
Hebert Coelho
Ranch Hand
Posts: 754
Imagine you fill in a report and submit it. Then you go back, fill it in with the same data and re-send. Those requests will be the same.

The error says "The same request was sent twice in different sessions".
Maybe the problem is the same object in a lot of sessions.
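
The AppScan finding quoted in this thread ("Session Identifier Not Updated") is usually addressed by issuing a new session identifier at login, so that a JSESSIONID presented before authentication is never the one that ends up authenticated. The following is an added example, not part of any post in the thread; the class name, the request parameter names, the `/home.jsp` target and the abstract `authenticate()` method are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class): renews the session identifier at login.
public abstract class SessionRenewingLoginServlet extends HttpServlet {

    // Assumption: the application supplies its own credential check here.
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");      // assumed field name
        String password = req.getParameter("password");  // assumed field name

        if (user == null || password == null || !authenticate(user, password)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the session that arrived with the request. Its JSESSIONID
        // existed before login and may not have been created for this user.
        HttpSession old = req.getSession(false);
        String oldId = (old != null) ? old.getId() : null;
        if (old != null) {
            old.invalidate();
        }

        // The container generates a new identifier and sends it in a fresh
        // Set-Cookie header. On Servlet 3.1+ containers, req.changeSessionId()
        // renews the id in one call and keeps the session attributes.
        HttpSession fresh = req.getSession(true);
        if (fresh.getId().equals(oldId)) {
            // Fail closed if the container handed back the same identifier.
            fresh.invalidate();
            throw new ServletException("Session identifier was not renewed");
        }
        fresh.setAttribute("user", user);

        resp.sendRedirect(req.getContextPath() + "/home.jsp");  // assumed page
    }
}
```

Anything stored in the pre-login session is lost on `invalidate()`; copy over only the attributes the application still needs before discarding it.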

 