Session

Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
Hello Sir...
I'm using JSP and Servlets in my application.
I need help to manually set my own ID for the session, i.e. JSESSIONID, so that I should not accept externally created sessions in my application...
Please provide help, tutorials and URLs...
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Why do you need to subvert this behaviour? Are you in some sort of environment that does not pass the JSESSIONID (e.g. a load balancer)?

Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
Thanks for your response...
Following is the reason for which I have to go for setting a JSESSIONID of my own.
ERROR
The same request was sent twice in different sessions and the same response was received.
This shows that none of the parameters are dynamic (session identifiers are sent only in
cookies) and therefore that the application is vulnerable to this issue.

Remediation
Do not accept externally created session
identifiers (Low) - Session Identifier Not Updated

Please provide some help as early as possible...
Thanking you...
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I'm not sure I understand that error. I can't think what identifies a request as the same request, and why this is an issue. I might just be being thick though. What is generating it?
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
My application is tested in IBM AppScan; after testing, it has shown these modifications... These security issues and vulnerabilities I have to handle, so...
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

Imagine you fulfill a report and submit it. Then you go back, fulfill with the same data and re-send. Those requests will be the same.

The error says "The same request was sent twice in different sessions".
Maybe the problem is the same object in a lot of sessions.
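
The remediation quoted in the scan report above ("Do not accept externally created session identifiers", Session Identifier Not Updated) is usually met by having the container issue a new session ID at login, rather than by setting JSESSIONID by hand. The following is an added example, not code from any poster in this thread; it assumes a Servlet 3.0+ container with container-managed authentication, and the class name, the `user` attribute and the redirect paths are hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical login servlet (names and paths are assumptions, see lead-in).
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        try {
            // Container-managed authentication (Servlet 3.0 API).
            req.login(user, req.getParameter("password"));
        } catch (ServletException e) {
            resp.sendRedirect(req.getContextPath() + "/login.jsp?error=1");
            return;
        }
        // Only after a successful login: swap the session for a new one.
        renewSession(req).setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/home");
    }

    // Discards the pre-login session, whose ID may have been supplied from
    // outside, and returns a session with a container-generated ID.
    static HttpSession renewSession(HttpServletRequest req) {
        Map<String, Object> saved = new HashMap<String, Object>();
        HttpSession old = req.getSession(false);
        if (old != null) {
            // Carry over pre-login state; trim this to what the app needs.
            for (String name : Collections.list(old.getAttributeNames())) {
                saved.put(name, old.getAttribute(name));
            }
            old.invalidate();                      // old JSESSIONID is dead
        }
        HttpSession fresh = req.getSession(true);  // new JSESSIONID issued
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

On Servlet 3.1 and later, `req.changeSessionId()` replaces the copy-and-invalidate step in `renewSession` with a single call that keeps the existing attributes.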