0 Replies Latest reply on Apr 11, 2007 9:57 AM by James Rhodes

    OWASP StingerFilter and JESSSIONID versus JESSIONIDSSO

    James Rhodes Newbie

      I'm using 4.0.5.GA and I have enabled the org.apache.catalina.authenticator.SingleSignOn valve in tomcat/server.xml. I'm trying to protect my web apps using the OWASP Stinger servlet filter, specifically its cookie validation feature. I'm trying to determine when I will get a regular JESSSIONID and when I will get a JESSIONIDSSO? I have noticed that I get either a varied points when I enter my web app. My app is only accessible via SSL and I have configured the SSO valve to my domain, not just the app context. Also,
      Is there an issue with session cookies and IE7?

      Thanks!

      B