Hi, I am using JRS 4.7.I have tested the JRS with IBM AppScan ,I found some security Issues : 1.Always use SSL and POST (body) parameters when sending sensitive information.2.Do not accept externally created session identifiers.3. Remove the cookie 'JSESSIONID' from url. please let me know , how to solve these issues. Thanks & Regards,Aravind