4 Replies Latest reply on Feb 5, 2007 2:57 PM by bvogt

    Changing the name of the JSessionID cookie?

    alosix
    alosix Aug 3, 2006 10:33 PM

      Hate to ask what might be a simple question, but google has failed me.

      Is it possible to change the name of the JSessionid cookie to something else. This was relatively easy to do in weblogic, but I can't seem to find a setting for this in Jboss.

      Thanks,
      Jason

      • 8261 Views
      • Tags:
        • 1. Re: Changing the name of the JSessionID cookie?
          j2ee_junkie
          j2ee_junkie Aug 4, 2006 7:40 AM (in response to alosix)

          Jason,

          From what I can tell this can not be configured. I did find this that backs up my findings. http://mail-archives.apache.org/mod_mbox/tomcat-users/200407.mbox/%3C40E6DA8C.8040403@tngtech.com%3E

          cgriffith

            • Actions
          • 2. Re: Changing the name of the JSessionID cookie?
            alosix
            alosix Aug 4, 2006 9:17 AM (in response to alosix)

            Ok, so I'm not going nuts.

            Here's what I'm doing:


            Apache front end to the site

            JBoss portal (routed by apache)

            Legacy app in Iframe portlet on another jboss server.


            Just trying to make sure that the portal session doesn't stomp on the legacy apps session. It looks like jboss is tolerant of this (reusing the cookie if it exists) but I'm not sure yet.

            Thanks,
            Jaon

              • Actions
            • 3. Re: Changing the name of the JSessionID cookie?
              brian.stansberry
              brian.stansberry Aug 4, 2006 10:38 AM (in response to alosix)

              If your Connector element in server.xml has the emptySessionPath attribute set to true, a session cookie emitted to one webapp will be presented and accepted by another. By default, this attribute is true in JBoss.

              See
              http://www.jboss.com/index.html?module=bb&op=viewtopic&t=74446 for a somewhat related discussion.

                • Actions
              • 4. Re: Changing the name of the JSessionID cookie?
                bvogt
                bvogt Feb 5, 2007 2:57 PM (in response to alosix)

                Is it reasonable to think about modifying the tomcat and jbossAS sources?

                the current tomcat version 5.5.20 shows:

                Searching for: jsessionid
connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1241): if( file.indexOf(";jsessionid=" + session.getId()) >= 0 )
connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1313): if( sb.length() > 0 ) { // jsessionid can't be first.
connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1314): sb.append(";jsessionid=");
connectors\jk\native\common\jk_global.h(176): #define JK_SESSION_IDENTIFIER "JSESSIONID"
connectors\jk\native\common\jk_global.h(177): #define JK_PATH_SESSION_IDENTIFIER ";jsessionid"
connectors\jk\xdocs\changelog.xml(521): jsessionid was removed. (mturk)
connectors\jk\xdocs\changelog.xml(582): Check all JSESSIONID cookies for a valid jvmRoute. If you have multiple Tomcats
container\catalina\src\share\org\apache\catalina\Globals.java(271): public static final String SESSION_COOKIE_NAME = "JSESSIONID";
container\catalina\src\share\org\apache\catalina\Globals.java(278): public static final String SESSION_PARAMETER_NAME = "jsessionid";
container\catalina\src\share\org\apache\catalina\authenticator\Constants.java(42): public static final String SINGLE_SIGN_ON_COOKIE = "JSESSIONIDSSO";
container\catalina\src\share\org\apache\catalina\connector\CoyoteAdapter.java(315): redirectPath = redirectPath + ";jsessionid="
container\catalina\src\share\org\apache\catalina\connector\Request.java(2247): * Configures the given JSESSIONID cookie.
container\catalina\src\share\org\apache\catalina\connector\Request.java(2249): * @param cookie The JSESSIONID cookie to be configured
container\catalina\src\share\org\apache\catalina\connector\Response.java(1418): if( file.indexOf(";jsessionid=" + session.getIdInternal()) >= 0 )
container\catalina\src\share\org\apache\catalina\connector\Response.java(1551): if( sb.length() > 0 ) { // jsessionid can't be first.
container\catalina\src\share\org\apache\catalina\connector\Response.java(1552): sb.append(";jsessionid=");
container\catalina\src\share\org\apache\catalina\core\ApplicationHttpRequest.java(551): * Returns true if the request specifies a JSESSIONID that is valid within
container\catalina\src\share\org\apache\catalina\core\ApplicationHttpRequest.java(554): * @return true if the request specifies a JSESSIONID that is valid within
container\catalina\src\share\org\apache\catalina\realm\RealmBase.java(946): file.append(";jsessionid=");
container\modules\cluster\src\share\org\apache\catalina\cluster\session\JvmRouteBinderValve.java(48): * bad with apache at my windows.). We rewrite now the jsessionid
container\modules\cluster\src\share\org\apache\catalina\cluster\session\JvmRouteBinderValve.java(53): * As jsessionid was created by cookie, the change JSESSIONID cookie resend with next response.
container\modules\cluster\src\share\org\apache\catalina\cluster\session\mbeans-descriptors.xml(6): <mbean name="JvmRouteBinderValve" description="mod_jk jvmRoute jsessionid cookie backup correction" domain="Catalina"
container\modules\ha\src\share\org\apache\catalina\ha\session\JvmRouteBinderValve.java(48): * bad with apache at my windows.). We rewrite now the cookie jsessionid
container\modules\ha\src\share\org\apache\catalina\ha\session\mbeans-descriptors.xml(6): <mbean name="JvmRouteBinderValve" description="mod_jk jvmRoute jsessionid cookie backup correction" domain="Catalina"
container\tester\src\tester\org\apache\tester\TestClient.java(408): "JSESSIONID=" + sessionId);
container\tester\src\tester\org\apache\tester\TestClient.java(410): log("INPH: Cookie: JSESSIONID=" +
container\tester\src\tester\org\apache\tester\TestClient.java(600): pw.println("Cookie: JSESSIONID=" + sessionId);
container\tester\src\tester\org\apache\tester\TestClient.java(602): log("INPH: Cookie: JSESSIONID=" +
container\tester\src\tester\org\apache\tester\TestClient.java(799): int equals = value.indexOf("JSESSIONID=");
container\tester\src\tester\org\apache\tester\TestClient.java(802): value = value.substring(equals + "JSESSIONID=".length());
container\webapps\docs\changelog.xml(972): <bug>34749</bug>: jsessionid dropped on trailing slash (/) redirect (remm)
container\webapps\docs\cluster-howto.xml(379): <br/><b>Example</b> configure cluster with cluster failover jsessionid support. In this
container\webapps\docs\cluster-howto.xml(976): now detect the takeover and rewrite the jsessionid
container\webapps\docs\cluster-howto.xml(981): As jsessionid was created by cookie, the change JSESSIONID cookie resend with next response.
jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(143): * is encoded as a URL "path parameter" beginning with "jsessionid=".
jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(144): * We thus remove anything we find between ";jsessionid=" (inclusive)
jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(152): while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
Found 37 occurrence(s) in 18 file(s)


                and jbossAS has: 
                Searching for: jsessionid
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\console\src\main\org\jboss\console\navtree\AppletBrowser.java(87): sessionId = "jsessionid=" + sessionId;
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(229): // Get the state for the JSESSIONID
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(231): // Get the JSESSIONID so we can reset the host
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(237): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(244): log.info("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(80): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(83): log.debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(113): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(125): assertTrue("Saw JSESSIONID", sessionID != null);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(126): log.debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(84): // Get the state for the JSESSIONID
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(92): // Get the JSESSIONID so we can reset the host
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(98): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(101): log.info("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(160): // Get the state for the JSESSIONID
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(162): // Get the JSESSIONID so we can reset the host
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(168): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(171): log.info("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(53): url = url + ";jsessionid=" + sessionId;
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(77): hdr = method.getResponseHeader("X-TestJSessionID");
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(78): assertNotNull("Got the X-TestJSessionID header", hdr);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(93): String expectedURL = "accessSession.jsp;jsessionid=" + id;
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(131): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(134): log.debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(216): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(219): log.debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(248): if( k.getName().equalsIgnoreCase("JSESSIONIDSSO") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(257): assertTrue("Saw JSESSIONIDSSO", ssoID != null);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(258): log.debug("Saw JSESSIONIDSSO="+ssoID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(268): // Now try getting the war2 index using the JSESSIONIDSSO cookie
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(297): // Now try getting the war1 index using the JSESSIONIDSSO cookie
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(94): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(97): getLog().debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(136): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(139): getLog().debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(194): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(197): getLog().debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(266): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(269): getLog().debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(304): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(307): getLog().debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(66): if( k.getName().equalsIgnoreCase("JSESSIONID") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(69): log.debug("Saw JSESSIONID="+sessionID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(99): if( k.getName().equalsIgnoreCase("JSESSIONIDSSO") )
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(111): assertTrue("Saw JSESSIONIDSSO", ssoID != null);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(112): log.debug("Saw JSESSIONIDSSO="+ssoID);
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(122): // Now try getting the war2 index using the JSESSIONIDSSO cookie
E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\resources\cluster\http\http-jk\accessSession.jsp(3): response.setHeader("X-TestJSessionID", session.getId());
Found 48 occurrence(s) in 9 file(s)


                Thanks in advance!

                Burkhard

                  • Actions