-
Enhancement
-
Resolution: Done
-
Major
-
None
-
None
At HttpTargetContext, when the session id is set, we don't validate JSESSIONID path.
If the cookie path is defined, it must be equal to the resquest path or a prefix of it: https://tools.ietf.org/html/rfc6265#section-5.1.4
- is related to
-
WEJBHTTP-30 Thousand of unauthorized requests in between balancer and backend if backend is running in a cluster
- Resolved