[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: Always generate a JSESSIONID with PASEO 11.7

Status
Not open for further replies.
Michael Jacobs

Guest
The JSESSIONID is a cookie that contains a reference to server-side Web Session storage that is maintained by the Tomcat web server. One possible use of the Web Session is in containing a user's login security token that is produced by the ABL web app's Spring Security authentication layer. There can be other uses of that server-side Web Session by Java web apps, but not via direct access by the ABL application code (that I know of). In your example you have triggered the Spring Security component (i.e. Java web app) to create a JSESSIONID and server-side Web Session - but your ABL application has no direct access to it. If you do not want to change from the classic WebSpeed implementation, then using JSESSIONID will not be an option for you and just adds overhead to Tomcat in maintaining those Web Sessions. If you ever consider moving to a stronger security model that employs Spring Security authentication/authorization and Client-Principals - contact us and we can discuss your particular product's requirements to see if there is a match.
