Hi all,

We are currently experiencing an issue where the JSESSIONIDSSO cookie is not being set on the response of the login page upon successful login.  This occurs immediately after a restart of the Wildfly service and only affects two of the apps deployed there - there are several others that don't have the issue.  All apps use the same security domain and share the SSO context (usually successfully).  If we disable and then enable the broken app it will begin working properly until the next service restart.  Without the SSO cookie users are unable to use the app as all requests just keep being redirected to the login form.

Here are two responses captured with Wireshark to illustrate the issue.  The first is immediately after a restart, and the second is after the app is disabled and then re-enabled.

HTTP/1.1 200 OK

Date: Wed, 31 Aug 2016 05:57:31 GMT

Server: WildFly/9

X-Powered-By: Undertow/1

Content-Type: application/json

Content-Length: 23

Set-Cookie: JSESSIONID=7as3vdBA12cerHoE8Ofz6lMMyy1Vszfe03CliJ1P.server8102; path=/app

Set-Cookie: BALANCEID=.server2; path=/;

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

{ "status": "SUCCESS" }

HTTP/1.1 200 OK

Date: Wed, 31 Aug 2016 06:04:27 GMT

Server: WildFly/9

X-Powered-By: Undertow/1

Content-Type: application/json

Content-Length: 23

Set-Cookie: JSESSIONID=gQxWB7Mjg6c1MpO2Cl-2C3LUXxU7dsznvxPrP7rq.server8102; path=/app

Set-Cookie: JSESSIONIDSSO=k1ZB8kZ4Wod91-qN8jTj3cvCE3MOUK2NJA1i38f3; path=/

Set-Cookie: BALANCEID=.server2; path=/;

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

{ "status": "SUCCESS" }

I've attached relevant config.  We are using Wildfly 9.0.1 on Windows.  It does sit behind a modproxy reverse proxy server but I don't think that has anything to do with it. 

Any help with this would be much appreciated.

Thanks,

Matt