tracker issue : CF-4198125

select a category, or use search below
(searches all categories and all time range)
Title:

jsessionid cookie present when J2EE disabled from admin

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/AsDesigned

Reporter/Name(from Bugbase): Jason Wagstaff / Jason Wagstaff (Jason Wagstaff)

Created: 11/30/2016

Components: General Server

Versions: 2016

Failure Type:

Found In Build/Fixed In Build: CF2016_Update3 /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Linux CentOS 6.4

Vote Count: 1

Problem Description:
I have two servers that behave differently with identical code.  Both servers the J2EE memory variables are disabled.  Both servers where created from the same VMWare template.  


Steps to Reproduce:
Run the attached code and disable J2EE sessions in admin.  

Actual Result:
One server will respond with a set-cookie response header for jsessionid one server will not

Expected Result:
The responses to be identical, preferably neither would try to set a jsessionid.   

Any Workarounds:
No.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4198125

External Customer Info:
External Company:  
External Customer Name: Jason Wagstaff
External Customer Email:  
External Test Config: Server 1

Server Product 	ColdFusion 2016

Version 	2016.0.03.300466

Tomcat Version 	8.0.32.0

Edition 	Enterprise  

Operating System 	UNIX  

OS Version 	3.10.0-327.36.2.el7.x86_64  

Update Level 	cold_fusion_disk/coldfusion2016/apps/lib/updates/chf20160003.jar  

Adobe Driver Version 	5.1.4 (Build 0001)   







Server 2

Server Product 	ColdFusion 2016

Version 	2016.0.03.300466

Tomcat Version 	8.0.32.0

Edition 	Enterprise  

Operating System 	UNIX  

OS Version 	3.10.0-327.36.2.el7.x86_64  

Update Level 	cold_fusion_disk/coldfusion2016/appsdev/lib/updates/chf20160003.jar  

Adobe Driver Version 	5.1.4 (Build 0001)

Attachments:

  1. November 30, 2016 00:00:00: 1_sample_code.zip

Comments:

Same issue on Windows 2012R2/IIS8.5
Vote by Stephen W.
1434 | April 26, 2017 04:17:08 PM GMT
Hi Stephen, Could you try disabling the option "Allow Remote Inspection" under Debugging & Logging-->Remote Inspection Settings. And then try running your testcase, you would not see the jsessionid cookie. Please do confirm the same. This setting is disabled by default on Production Secure profile. Thanks!
Comment by S P.
1432 | May 16, 2017 06:51:20 AM GMT
Hi Stephen, Closing the bug for now with the reason being as stated in the previous comment. But do let us know if you have issues with the same, we will look into it. Thanks!
Comment by S P.
1433 | July 17, 2017 01:32:35 AM GMT