JSESSIONID will track each unique user session. Ideally, your load balancer should create it's own cookie to track the session. This will be the most reliable means of keeping the right user on the same mid-tier server. The other have to do with keywords (GKW), etc.
See http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html for details on f5's implementation. Axton Grams On Tue, Jul 24, 2012 at 12:16 PM, Ray Palla <[email protected]> wrote: > > Listers; > > This question has been raised by security; > > ===================================================================== > > Need to identify the correct Remedy cookie that gets presented to the > browser once authenticated. ...Peak at the cookies presented to a browser > after a successful authentication and there are a total of 9 cookies. > Tested > the JSESSIONID, but need assistance in confirming that this is the proper > cookie to utilize for Sticky/Persistent sessions against an authenticated > user. If you have documentation regarding the BMC AUTH cookies, I would be > most appreciative. > > Cookie Names set in my browser by BMC Web Authentication: > 1. G > 2. GF > 3. GKW > 4. JSESSIONID > 5. P > 6. T > 7. lt > 8. st > 9. wARRoot1343142789216 > > Thanks, > Scott E Moore > Senior Security Consultant > > ==================================================================== > > On behalf of Scott; > R > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
