Forum Discussion

mahnsc's avatar
Icon for Nimbostratus rankNimbostratus
Apr 14, 2011

JSESSIONID's with null or empty values

Hi everyone. I'm using the jsessionid irules from this post. The only thing I've modified are the inactivity timeout periods (and disabled logging).

The rule has worked fine for me in all previous deployments except one I am currently working on where the devs have coded around a jboss session-invalidation bug involving user-generated session log outs. When the user clicks logout, they null the jsessionid. A nulled jsessionid should not be persisted.

I've been struggling trying to figure out how to modify this rule to handle nulled jsessionid's. Has someone come across this kind of thing in the past and was able to figure out how to do it and could share it with me?

I had thought something like the following *should* work but it doesn't:

if { ([HTTP::cookie JSESSIONID] ne "" ) and ( [info exists [HTTP::cookie value "JSESSIONID"]] ) } 

21 Replies