Is it possible to use two sessions for (http + https) per session by using different cookie path

spackiaraj Aug 23, 2016 5:31 PM

Hello,

We use wildfly 8.2 and most of the pages are served over HTTPS. JsessionID is marked as secure. Due to nature of the application few pages are served over HTTP. Since the JSESSIONID is marked as secure, HTTP requests will not have access to JSESSIONID cookie and wildfly creates new session ID which overwrites HTTPS JSESSIONID.

Is this possible to use different PATH values in JSESSIONID cookie to differentiate between HTTPS & HTTP request, so that both session lives.

for instance

JSESSIONID=JPHxsxKKkIfVI_MYk6Idm-tK.abcdefg; path=/server/main; HttpOnly; Secure;

JSESSIONID=qwersdfwerwerwerwerwe-tK.abcdefg; path=/server/main/specificPage; HttpOnly;

Thanks in advance.

1. Re: Is it possible to use two sessions for (http + https) per session by using different cookie path

ctomc Aug 23, 2016 6:49 PM (in response to spackiaraj)

yes it is possible.
you can configure cookies in web.xml
Actions