Topic
  • 4 replies
  • Latest Post - ‏2013-11-26T14:22:18Z by vishalendu
vishalendu
vishalendu
5 Posts

Pinned topic What is the use of debugCrossover flag in httpSession setting for Liberty Profile

‏2013-11-25T07:44:44Z |

Hi,

Can anyone please elaborate on what is the use of the debugCrossover flag in the httpSession Element in server.xml

(FYI, I am using Liberty Profile 8.5.0.1)

<httpSession debugCrossover="true"/>

Does this flag help us in exposing any security vulnerability?

Thanks,

Vishalendu

  • bergmark
    bergmark
    42 Posts

    Re: What is the use of debugCrossover flag in httpSession setting for Liberty Profile

    ‏2013-11-25T15:34:45Z  

    The flag is documented here, along with other server.xml configuration options:

    http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.doc/autodita/rwlp_metatype_4ic.html

    In summary, it causes the server to print additional messages if it detects that a session not associated with the current request is being used.  I believe this is primarily to help debug issues where the wrong session object might be accessed by the application, and not something you would leave turned on.

  • vishalendu
    vishalendu
    5 Posts

    Re: What is the use of debugCrossover flag in httpSession setting for Liberty Profile

    ‏2013-11-25T17:37:31Z  
    • bergmark
    • ‏2013-11-25T15:34:45Z

    The flag is documented here, along with other server.xml configuration options:

    http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.wlp.nd.doc/autodita/rwlp_metatype_4ic.html

    In summary, it causes the server to print additional messages if it detects that a session not associated with the current request is being used.  I believe this is primarily to help debug issues where the wrong session object might be accessed by the application, and not something you would leave turned on.

    Hi,

    Thanks for the link. However, I have already went through the same.

    The reason I am asking this question is, because after setting this flag, I am not able to login to my deployed application.

    When I set the flag as false, there are no issues.

    I was hoping this flag was only to debug any issue, and would not cause any failures in the application.

    Thanks,

    Vishalendu

     

  • bergmark
    bergmark
    42 Posts

    Re: What is the use of debugCrossover flag in httpSession setting for Liberty Profile

    ‏2013-11-25T17:56:52Z  

    Hi,

    Thanks for the link. However, I have already went through the same.

    The reason I am asking this question is, because after setting this flag, I am not able to login to my deployed application.

    When I set the flag as false, there are no issues.

    I was hoping this flag was only to debug any issue, and would not cause any failures in the application.

    Thanks,

    Vishalendu

     

    Could you provide some more information on what exactly happens when you set this flag?  Any errors in the logs?

  • vishalendu
    vishalendu
    5 Posts

    Re: What is the use of debugCrossover flag in httpSession setting for Liberty Profile

    ‏2013-11-26T14:22:18Z  
    • bergmark
    • ‏2013-11-25T17:56:52Z

    Could you provide some more information on what exactly happens when you set this flag?  Any errors in the logs?

    I dont want to attach the stack trace here, since the application is still under development. 

    Since I am working in IBM as well, I should be able to send you the stack trace by email/ST, if you can share your email id with me, or send me an email at:

    vishalendu@in.ibm.com

     

    Thanks,

    Vishalendu