pedinopa_170325
Aug 06, 2018Nimbostratus
jsessionid
I thought we had a solution (I was wrong). Appearently when you use ZAP or other header scanners they will find the JSESSIONID. I found the HTML code I need but would rather do it in the F5. The code is
true true COOKIE
I was reading about using a stream policy and an expression. what it comes down to is I need to remove the JSESSIONID from the response URL.