[Logo] OLD FORUM - Use new one: https://www.CaptainCasa.online/forum
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
Error: Client that sends the request is not the one that created the session  XML
Forum Index -> Development
Author Message
dstrigel

Power User

Joined: 09/12/2010 09:23:42
Messages: 69
Offline

Can we ignore this or should we investigate?
Can't really classify that...
Best regards
Daniel



[2023-03-29T10:40:11.264+0200] [Payara 5.2022.4] [WARNING] [] [javax.enterprise.web] [tid: _ThreadID=94 _ThreadName=http-thread-pool::http-listener- 1(10)] [timeMillis: 1680079211264] [levelValue: 900] [[
StandardWrapperValve[FacesServlet]: Servlet.service() for servlet FacesServlet threw exception
java.lang.Error: Client that sends the request is not the one that created the session. Request is cancelled: /x/faces/eclntjsfserver/includes/ccaround.jsp
at org.eclnt.jsfserver.util.SecurityFilterGeneral.performCheck_remoteAddress(SecurityFilterGeneral.java:206)
at org.eclnt.jsfserver.util.SecurityFilterGeneral.doFilter(SecurityFilterGeneral.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:253)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:211)
at org.eclnt.jsfserver.util.SecurityFilter.doFilter(SecurityFilter.java:162)
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5555
Offline

Hi Daniel,

CaptainCasa by default includes a servlet-filter "SecurityFilterGeneral" which assigens a unique id to each session which is also sent to the client via cookie. Every request from the client from now in is checked to include this unique id in the cookie information.

If the cookie is missing then this exception is thrown.

This filter can be switched on/off by system.xml configuration.

We recommend to definitely use this filter when using session-tracking mode "URL". The filter is not required for session-trackting mode "COOKIE".

PLease find more information in the Security Guide: https://www.captaincasa.com/docu/eclnt_risc_securityguide/all.html#sessionidhijacking

Kind regards! Björn

Björn Müller, CaptainCasa GmbH
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team