Thanks Axton;

Perhaps the better question is: For sticky sessions what is the preferred (best practice) method: Cookies, HTTP Header, IP Based Solutions? Opinions?

R

_____
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Axton
Sent: Tuesday, July 24, 2012 1:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Request for expertise on BMC Web login cookies

JSESSIONID will track each unique user session. Ideally, your load balancer should create its own cookie to track the session. This will be the most reliable means of keeping the right user on the same mid-tier server. The others have to do with keywords (GKW), etc.

See http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html for details on f5's implementation.

Axton Grams

On Tue, Jul 24, 2012 at 12:16 PM, Ray Palla <ray.pa...@insona.com> wrote:

Listers;

This question has been raised by security;

=====================================================================
Need to identify the correct Remedy cookie that gets presented to the browser once authenticated.

...Peek at the cookies presented to a browser after a successful authentication and there are a total of 9 cookies. Tested the JSESSIONID, but need assistance in confirming that this is the proper cookie to utilize for Sticky/Persistent sessions against an authenticated user.

If you have documentation regarding the BMC AUTH cookies, I would be most appreciative.

Cookie Names set in my browser by BMC Web Authentication:
1. G
2. GF
3. GKW
4. JSESSIONID
5. P
6. T
7. lt
8. st
9. wARRoot1343142789216

Thanks,
Scott E Moore
Senior Security Consultant
====================================================================

On behalf of Scott;
R

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
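
The approach recommended in the thread (the load balancer issues its own persistence cookie instead of keying on JSESSIONID), modelled as an added example that is not part of the original messages and is not F5 or BMC code. The pool member names, the cookie name `LBSTICKY` and the key are constructed; the cookie value is an integrity-protected pool index, so a missing or altered cookie simply gets a fresh assignment.

```python
import hashlib
import hmac
import itertools

# Constructed values for illustration only (assumptions, not from the thread).
BACKENDS = ["midtier-a", "midtier-b", "midtier-c"]   # hypothetical mid-tier pool
LB_COOKIE = "LBSTICKY"                                # hypothetical cookie name
LB_KEY = b"constructed-demo-key"                      # known only to the balancer

_round_robin = itertools.cycle(range(len(BACKENDS)))


def _tag(index: int) -> str:
    """Keyed tag so a client cannot forge or alter the pool-member index."""
    return hmac.new(LB_KEY, str(index).encode(), hashlib.sha256).hexdigest()[:16]


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def route(cookie_header: str):
    """Return (backend, set_cookie); set_cookie is None when the cookie was valid.

    The application's JSESSIONID is ignored: stickiness depends only on the
    balancer's own cookie, whatever session cookies the mid-tier sets.
    """
    value = parse_cookies(cookie_header).get(LB_COOKIE, "")
    index, _, tag = value.partition(".")
    if index.isascii() and index.isdigit() and int(index) < len(BACKENDS):
        if hmac.compare_digest(tag.encode(), _tag(int(index)).encode()):
            return BACKENDS[int(index)], None
    # Missing or tampered cookie: choose a member and issue a fresh cookie.
    chosen = next(_round_robin)
    set_cookie = f"{LB_COOKIE}={chosen}.{_tag(chosen)}; Path=/; HttpOnly; Secure"
    return BACKENDS[chosen], set_cookie
```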