For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MDPF52_180608's avatar
MDPF52_180608
Icon for Nimbostratus rankNimbostratus
Sep 11, 2015

APM & JBOSS JSESSIONID

Hello Devcentral,   Currently, I am facing a problem with an implementation of APM as a front-end for a JBOSS application. Basically, the user needs to authenticate on the APM logon page and after...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 11, 2015

APM doesn't by default remove application cookies. The issue may be that at the moment the application is sending the cookie to the client that APM is doing something preemptive. I'm guessing the application only sends the JSESSIONID cookie once at the beginning of the session. Are you doing APM Forms-based SSO to the server? You may need to do a client side capture of the JBOSS interaction without APM in the mix to see exactly how the application works and when things happen. So for example, if the application sends the JSESSIONID cookie after the successful form-based logon, APM shouldn't get in the way of that cookie getting all the way to the client. If somehow that cookie is sent before the user posts their credentials, then you might need to code something to preemptively go get it with APM before the logon is posted.