JSESSIONID and JSESSIONIDSSO

hpi · February 18, 2022, 11:30am

Hi,

When I use payara and use http sessions a JSESSIONID and/or JSESSIONIDSSO cookie is created which are sent back to re-acces the session.

Question 1: is the format of these session id’s defined somewhere?

Question 2: when a request is sent to the server, are the session id’s validated somehow? And if yes, if invalid, what happend? And is it possible to define differente behaviour for invalid session ids or expired session ids?

best regards,

Hans

Topic		Replies	Views
How to pass JSESSIONID in headers rather than as a url parameter? Technical Discussion security	0	13	April 18, 2024
How to increase http session id length in Payara server? Technical Discussion	0	28	March 10, 2024
Authenticating using OpenId Connect and Keycloak Technical Discussion security	3	438	June 12, 2023
Cookies are set without the httponly attribute (Payara 6.2023.2) Payara Server	0	187	March 8, 2023
Application Login page is displayed when accessing a REST endpoint - Payara-5.2021.8 Technical Discussion	2	517	December 16, 2021

JSESSIONID and JSESSIONIDSSO

Related Topics