The Container is adding a Cookie with the default Context Path as “/” which is referred as the poison Cookie in this thread. Mid-Tier sets JSessionID Cookie marked as HTTPOnly with the right Context Path.
In this case one needs to do the right settings with the Container to let it know that JSessionID Cookie should be generated with the right Context Path. This is a settings issue and not a defect in the Product functionality. Defect SW00478176 is filed for tracking updating the documentation with the correct settings needed for WebLogic and WebSphere. --- Abhijit Rajwade, BMC Software Remedy Security SMA _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
