2 Replies Latest reply on Jun 16, 2014 2:32 PM by jamat

    Basic authentication and JSESSIONID cookie

    jamat

      Not sure if I am doing something wrong or if this is how it is supposed to work. I have tried the servlet-security webapp from Jboss quickstart examples which use Basic Authentication.

      It is working fine. But I do not see any JSESSIONID cookie in the response. (I have tried with JBoss Wildfly 8.1.0.CR1)

      As I said maybe this is the normal behavior but I would like someone to confirm.

      For your information I am porting an application from WebLogic and in this case the JSESSIONID cookie is sent. And we somehow uses it for stickiness so I would like to have the same kind of behavior in JBoss.

        • 1. Re: Basic authentication and JSESSIONID cookie
          dlofthouse

          Basic authentication by itself does not require the use of session, is your web app accessing a HTTP session after the authentication?  That would be the time a session ID is generated and returned to the client.

          • 2. Re: Basic authentication and JSESSIONID cookie
            jamat

            No we do not. As I said we only used the cookie for sitckiness as we wanted all the requests following the first one without a cookie to go to the same server in a cluster (I guess we could manage our own cookie). I just asked the question to confirm that this was the 'normal' behavior of JBoss and not something that I had mis-configured.

             

             

            EDIT: Actually I take that back. We probably access the session.