Support tip: Web Client session id changes after successful login

Hello,

This may be useful for any of your customers that ask about some security aspects of the Service Manager web client.

The current SM Webtiers (version 7 and above) have the ability to change the session id after login. You can trace this using a browser add-on like HTTPHeaders or httpWatch (if you have the full-paid version). Look for the JSESSIONID cookies that get created during the login process. You will see that the app server where the SM webtier is running provides a unique JSESSIONID when the user hits the index.do/ess.do login page. Then the JSESSIONID is changed after the user hits the “Log in” button.

Regards,

Andrew
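
The check described in the post above can be scripted over response headers exported from a header-tracing tool. This is an added example, not part of the original post and not Service Manager code; the header lines, the `/sm` cookie path and the session id values are constructed sample data, and the function names are hypothetical.

```python
from http.cookies import SimpleCookie

def issued_session_ids(header_lines):
    """Return every JSESSIONID the server issued (Set-Cookie), in order."""
    issued = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        if "JSESSIONID" in jar:
            issued.append(jar["JSESSIONID"].value)
    return issued

def check_rotation(pre_login_headers, post_login_headers):
    """Compare the id issued on the login page with the id issued after login."""
    before = issued_session_ids(pre_login_headers)
    after = issued_session_ids(post_login_headers)
    if not before:
        return "no-pre-login-id"
    if not after:
        # No new Set-Cookie after login: the pre-login id stays in use.
        return "not-rotated"
    return "rotated" if after[-1] != before[-1] else "not-rotated"

# Constructed sample capture: response to GET index.do (login page).
PRE_LOGIN = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html;charset=UTF-8",
    "Set-Cookie: JSESSIONID=0A1B2C3DCONSTRUCTED01; Path=/sm; HttpOnly",
]
# Constructed sample capture: response after the "Log in" button is pressed.
POST_LOGIN_ROTATED = [
    "HTTP/1.1 302 Found",
    "Set-Cookie: JSESSIONID=9F8E7D6CCONSTRUCTED02; Path=/sm; HttpOnly",
]
# Constructed counter-example: login succeeds but no new id is issued.
POST_LOGIN_SAME = [
    "HTTP/1.1 302 Found",
    "Content-Length: 0",
]

if __name__ == "__main__":
    print("rotating server:", check_rotation(PRE_LOGIN, POST_LOGIN_ROTATED))
    print("non-rotating server:", check_rotation(PRE_LOGIN, POST_LOGIN_SAME))
```

A "not-rotated" result means the id handed out before authentication is still the authenticated session's id, which is the condition the session id change after login is meant to prevent.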