jsessionid or How to protect against WebSphere admins
This is a follow-up for the Beware of WebSphere admins post just below – read it to find out how this relates to the jsessionid discussion My first immediate conclusion after the described deployment problems was to ban the use of the jsession cookie in future applications. If the application always includes the jsessionid parameter […]