Description
NXRM has started to return JSESSIONID cookies. In the past these were not generated.
curl 'http://localhost:8081/service/rapture/session' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'X-Nexus-UI: true' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
  -H 'NX-ANTI-CSRF-TOKEN: 0.20777158166126664' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Accept: */*' \
  -H 'Origin: http://localhost:8081' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: http://localhost:8081/' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Cookie: NX-ANTI-CSRF-TOKEN=0.20777158166126664; _ga=GA1.1.918799830.1597419849; _gid=GA1.1.591002232.1597419849' \
  --data-raw 'username=YWRtaW4%3D&password=YWRtaW4xMjM%3D' \
  --compressed -v
* Trying ::1:8081...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8081 failed: Connection refused
* Trying 127.0.0.1:8081...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8081 (#0)
> POST /service/rapture/session HTTP/1.1
> Host: localhost:8081
> Accept-Encoding: deflate, gzip
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> X-Requested-With: XMLHttpRequest
> X-Nexus-UI: true
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
> NX-ANTI-CSRF-TOKEN: 0.20777158166126664
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: */*
> Origin: http://localhost:8081
> Sec-Fetch-Site: same-origin
> Sec-Fetch-Mode: cors
> Sec-Fetch-Dest: empty
> Referer: http://localhost:8081/
> Accept-Language: en-US,en;q=0.9
> Cookie: NX-ANTI-CSRF-TOKEN=0.20777158166126664; _ga=GA1.1.918799830.1597419849; _gid=GA1.1.591002232.1597419849
> Content-Length: 43
>
* upload completely sent off: 43 out of 43 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Date: Fri, 14 Aug 2020 15:58:21 GMT
< Server: Nexus/3.26.0-04 (PRO)
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=node0wa8z5s1cdgmc15v1nyqlq608j3.node0; Path=/
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: NXSESSIONID=dd249c7b-8b34-4bda-bf2b-538a9520a757; Path=/; HttpOnly; SameSite=lax
< X-Frame-Options: DENY
<
Expected
Do not return JSESSIONID cookies. Sessions are tracked using NXSESSIONID cookies already.
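A regression check for the expected behaviour, as an added example (not part of the original report and not NXRM code). The function names and the `ALLOWED_COOKIES` allowlist are assumptions of this example; the sample response reuses the two `Set-Cookie` headers from the trace above.

```shell
#!/bin/sh
# Cookie names the server is expected to set. Assumption of this example:
# the report only states that sessions are tracked with NXSESSIONID.
ALLOWED_COOKIES="NXSESSIONID"

# Reads HTTP response headers on stdin (plain, or with the "< " prefix that
# `curl -v` prints) and emits one finding per line:
#   UNEXPECTED <name>   cookie name is not on the allowlist
#   NO_HTTPONLY <name>  cookie lacks the HttpOnly attribute
#   NO_SAMESITE <name>  cookie lacks a SameSite attribute
# Returns 1 if there is any finding, 0 otherwise.
audit_set_cookies() {
  awk -v allowed="$ALLOWED_COOKIES" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      sub(/\r$/, "")   # header lines end in CRLF on the wire
      sub(/^< /, "")   # tolerate curl -v formatting
    }
    tolower($0) ~ /^set-cookie:/ {
      line = $0
      sub(/^[^:]*:[ \t]*/, "", line)      # strip the header name
      name = line; sub(/=.*/, "", name)   # cookie name is everything before "="
      attrs = tolower(line)               # attribute names are case-insensitive
      if (!(name in ok))                 { print "UNEXPECTED " name;  bad = 1 }
      if (attrs !~ /;[ \t]*httponly/)    { print "NO_HTTPONLY " name; bad = 1 }
      if (attrs !~ /;[ \t]*samesite=/)   { print "NO_SAMESITE " name; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Sample response built from the headers shown in the report.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 204 No Content' \
    'Set-Cookie: JSESSIONID=node0wa8z5s1cdgmc15v1nyqlq608j3.node0; Path=/' \
    'Set-Cookie: NXSESSIONID=dd249c7b-8b34-4bda-bf2b-538a9520a757; Path=/; HttpOnly; SameSite=lax' \
    'X-Frame-Options: DENY'
}

# Stand-alone run: prints the three JSESSIONID findings for the sample.
sample_response | audit_set_cookies || true
```

Against a running instance, feed the function the response headers of the login request, for example by replacing `-v` with `-s -o /dev/null -D -` in the command above and piping the result into `audit_set_cookies`.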