My application uses session cookies. Somehow this cookie is being entered with tracking information for several users:
JSESSIONID = 0624EF8E3E5E7CCBDB52BAE6C44C5AFB.jvm application; optimizelySegments =% 7B% 22204658328% 22% 3A% 22false% 22% 2C% 22204736122% 22% 3A% 22referral% 22% 2C% 22204775011% 22% 3A% 22ie% 22% 2C% 22234726171% 22% 3A% 22none% 22 % 7D; optimizelyEndUserId = oeu6892721299353r0.9526657112221855; optimizelyBuckets =% 7B% 7D
JSESSIONID from my application, while optimizelyXXX items seem to come from optimizely.com, see the optimized FAQ .
How is this possible and what can I do? ModSecurity complains about a possible injection. Of course, I can disable this rule, but I want to understand what is happening.
source share