Session

 
Greenhorn
Posts: 13
Hello Sir...
I'm using JSP and Servlets in my application.
I need help to manually set my own ID on the session, i.e. JSESSIONID, so that I do not accept externally created sessions in my application...
Please provide help, tutorials and URLs...
 
Bartender
Posts: 10336
Why do you need to subvert this behaviour? Are you in some sort of environment that does not pass the JSESSIONID (e.g. a load balancer)?
 
Suleman Kandagal
Greenhorn
Posts: 13
Thanks for your response.
The following is the reason why I have to go for setting a JSESSIONID of my own.
ERROR
The same request was sent twice in different sessions and the same response was received.
This shows that none of the parameters are dynamic (session identifiers are sent only in
cookies) and therefore that the application is vulnerable to this issue.

Remediation
Do not accept externally created session
identifiers (Low) - Session Identifier Not Updated

Please provide some help as early as possible...
Thanking you...
 
Paul Sturrock
Bartender
Posts: 10336
I'm not sure I understand that error. I can't think what identifies a request as the same request, and why this is an issue. I might just be being thick though. What is generating it?
 
Suleman Kandagal
Greenhorn
Posts: 13
My application was tested in IBM AppScan; after testing, it has shown these modifications... These are security issues and vulnerabilities I have to handle, so...
 
Ranch Hand
Posts: 754
Imagine you fulfill a report and submit it. Then you go back, fulfill with the same data and re-send. Those requests will be the same.

The error says "The same request was sent twice in different sessions".
Maybe the problem is the same object in a lot of sessions.

 