users@glassfish.java.net

Re: configuring JSESSIONID cookie name for different web applications

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Wed, 18 Feb 2009 20:42:36 -0800

On 02/18/09 04:51 PM, glassfish_at_javadesktop.org wrote:
> I have three web applications, each deployed as the root context to a different listener port:
>
> web1 : 8080
> web2 : 8081
> web3 : 8082
>
> The web apps belong to the *same* domain. When logging on to web1 a session is created with a cookie name JSESSIONID. When logging on to web2 the session cookie is overwritten and web1 no longer has access to the session.
>
> Is it possible to configure the JSESSIONID cookie name to be unique for each web application? Ideally web1 would have a session cookie name like JSESSIONIDWEB1.
>
> I understand it is possible to configure the cookieDomain property in sun-web-app but each web app belongs to the same domain so this does not help.
>

The Servlet 3.0 spec is going to add support for session cookie
configuration
(both declarative and programmatic). At the time when this was discussed,
some of the Servlet EG members suggested that the name of the session cookie
also be configurable through a standard mechanism, but that idea was
ultimately
dismissed.

Some containers already provide this flexibility, but GlassFish does not
(yet).

First of all, the Servlet spec would need to be relaxed, which currently
has this
(see SRV.7.1.1: "Cookies"):

    The name of the session tracking cookie must be JSESSIONID

Feel free to file an enhancement request in the GlassFish issue tracker.
Your use case certainly sounds compelling!


Jan

> Many thanks in advance!
> [Message sent by forum member 'ggierer' (ggierer)]
>
> http://forums.java.net/jive/thread.jspa?messageID=332788
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>