SRG-APP-000439-WSR-000153
Rule Title: Web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
Dx NetOps Performance Management 3.7
We cannot encrypt JSESSIONID; that cookie is controlled by Jetty. JSESSIONID is Jetty's session ID, an identifier that the web server uses to store session information on the web server. We store the UserSession class object in that session along with other data. JSESSIONID is required for NetOps Performance Management to work. The login token (CADefaultCookie), however, is encrypted.