[Owasp-turkey] Oracle IAS Set-Cookie problemi

Bedirhan Urgun urgunb at hotmail.com
Mon May 28 12:33:23 EDT 2007


 
 Merhaba arkadaslar,
 test ettigim Oracle IAS (10g) bir java web uygulamasinda soyle bi seyle karsilastim; 
 
 Her dinamik HTTP cevabinda Set-Cookie ayni session id'nin set edildigini goruyorum (orn: JSESSIONID=afeeasd1234bb1246abbc452.aeb495815cdeaaeb495815cdea). Once Oracle WebCache olabilecegini dusundum ama webcache kullanilmiyor. Uygulama sadece bir Oracle j2ee instance'inin icinde calisiyor, yani tek instance var. 
 Onunde load balancer olabilecegini dusunduk ama o da degil. 
 
 Bu durum soyle bi sıkıntıya yol aciyor. HttpOnly, Path gibi cookie kisitlamalarini kullanamiyoruz. 
 Boyle biseyle karsilasmis olan var mi, acaba?
 
 bedirhan
_________________________________________________________________
Change is good. See what’s different about Windows Live Hotmail.
www.windowslive-hotmail.com/learnmore/default.html?locale=en-us&ocid=TXT_TAGLM_HMWL_reten_changegood_0507
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-turkey/attachments/20070528/d0c44d09/attachment.html 


More information about the Owasp-turkey mailing list