AnsweredAssumed Answered

JSESSIONID header stripped in responses

Question asked by jon_vandergriff on Dec 17, 2013
Latest reply on Dec 20, 2013 by JPerlmutter

I have been handed a dev stack that includes CA SiteMinder.  The response headers are stripped of the JSESSIONID cookie.  The applicaiton server is generating them but somewhere in the stack my response headers are being stripped.  My hunch is that it's SiteMinder at work.  Can anyone confirm this behavior?

If this is default behavior how are session states persisted without cookies?  Passing the JSESSIONID as part of the URL works however it is non-optimal.