Changing cookie JSESSIONID name
JavaTomcatJsessionidJava Problem Overview
I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the user previously access application. This is because of JSESSIONID cookie conflict.
One possible solution is to run each applications in different context. Unfortunately, my applications will not work in context path setting as none of the resources are accessed with request.getContextPath() prepended in front.
This leaves me to change the name of cookie JSESSIONID to resolve the conflict. Is there a way to do this? If yes, how?
Hope I'm clear in stating my question.
Note: All my application are running in different port in the same machine.
Java Solutions
Solution 1 - Java
Everything is much simpler with Servlet API 3.0.
Now you can configure it in your web.xml:
<session-config>
<cookie-config>
<name>MY_JSESSIONID_YAHOOOOOO</name>
</cookie-config>
</session-config>
That's it!
Solution 2 - Java
The following works for me on Tomcat7 in the context.xml file:
<Context path="/yourApp" sessionCookieName="custom_session_id">
Solution 3 - Java
By Using two following system properties this can be achieved with ease.
- org.apache.catalina.SESSION_COOKIE_NAME
- org.apache.catalina.SESSION_PARAMETER_NAME
Any value can be passed to above properties to change the default values.
Here complete details with some sample script is found.
Solution 4 - Java
Tomcat 7 moves this from org.apache.catalina.SESSION_COOKIE_NAME to an attribute on the main <Context> config. http://tomcat.apache.org/migration-7.html#Session_manager_configuration
Solution 5 - Java
I don't think it's possible at this point - see https://issues.apache.org/bugzilla/show_bug.cgi?id=42419
The last entry states "This has been fixed in 5.5.x and will be included in 5.5.28 onwards" - which is the next point release - 5.5.27 is the current release.
Solution 6 - Java
Not 100% sure if this will work, but you can use the jvmRoute
attribute, which is generally used in a load-balanced/clustered environment for the load balancers to be able to tell the nodes apart. Example:
<Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">
This will end up generating a JSESSIONID value that looks like "ABCDEF123456.node1".
Solution 7 - Java
I found it in Tomcat at /tomcat/conf/server.xml
server.xml
<Engine name="Catalina" defaultHost="localhost" jvmRoute="instanceName">
5D33F755D8D75EF7C8E840.instanceName
Solution 8 - Java
final SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
sessionCookieConfig.setSecure(true);
sessionCookieConfig.setHttpOnly(true);
// Set __Host- prefix
sessionCookieConfig.setName("__Host-JSESSIONID");