This content has been marked as final.
Show 2 replies
-
1. Re: Basic authentication and JSESSIONID cookie
dlofthouse Jun 16, 2014 11:32 AM (in response to jamat)Basic authentication by itself does not require the use of session, is your web app accessing a HTTP session after the authentication? That would be the time a session ID is generated and returned to the client.
-
2. Re: Basic authentication and JSESSIONID cookie
jamat Jun 16, 2014 2:32 PM (in response to dlofthouse)No we do not. As I said we only used the cookie for sitckiness as we wanted all the requests following the first one without a cookie to go to the same server in a cluster (I guess we could manage our own cookie). I just asked the question to confirm that this was the 'normal' behavior of JBoss and not something that I had mis-configured.
EDIT: Actually I take that back. We probably access the session.