padmapraveen_vasili Posted April 14, 2006

Hi all, this was traced out by our senior engineers. They have identified that the login pages /service/jsp/index.jsp and /ourproj/controller are sending the JSESSIONID without the secure attribute. If the secure attribute is not specified, a cookie is considered safe to be sent in the clear over unsecured channels, which can occur when traffic is traveling over multiple gateways. If the cookies are sent in clear, they can be intercepted and used by an attacker to directly access a user session. How can I make up this issue to make my application secure to use? They recommend that any cookie of the website which handles privileged functionality such as authentication items are sent using the secure attribute.

Chocolate570 Posted April 15, 2006

This is the JavaScript section. The W3S forum currently does not have a JSP section, so unless someone happens to look at this topic, I suggest you go to another forum and ask.
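
A check for the finding described in the first post, as an added example that is not part of the original thread: it parses Set-Cookie headers and reports session cookies sent without the Secure attribute. The header values, the /hardened/login path and all function names are constructed for illustration; the other two paths are the ones named in the post.

```python
# Added example: audit Set-Cookie headers for session cookies lacking Secure.
# Attribute names are matched case-insensitively and only as attributes, so a
# value or path that merely contains the word "secure" does not hide a finding.

SESSION_COOKIE_NAMES = {"jsessionid"}  # assumption: cookies treated as session IDs


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(responses):
    """responses: {path: [Set-Cookie values]} -> [(path, cookie name)] missing Secure."""
    findings = []
    for path, headers in responses.items():
        for raw in headers:
            name, _, attrs = parse_set_cookie(raw)
            if name.lower() in SESSION_COOKIE_NAMES and "secure" not in attrs:
                findings.append((path, name))
    return findings


# Constructed sample responses (not captured from any real application).
SAMPLE = {
    "/service/jsp/index.jsp": ["JSESSIONID=0A1B2C3D; Path=/service"],
    # "secure" appears only inside the Path value: still a finding.
    "/ourproj/controller": ["JSESSIONID=4E5F6A7B; Path=/secure-area",
                            "theme=dark; Path=/"],
    # Hypothetical hardened page: attribute present, in upper case.
    "/hardened/login": ["JSESSIONID=8C9D0E1F; Path=/; SECURE"],
}

if __name__ == "__main__":
    for path, cookie in audit(SAMPLE):
        print(f"{path}: {cookie} set without Secure")
```
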