-
1. Re: Wildfly 8.2.1 issue with JSESSIONID
jewellgm May 3, 2018 12:14 PM (in response to n_nagraj321)Wildfly doesn't use tomcat underneath the covers, so setting that property wouldn't have an effect. The web server is now the Undertow product. Looking at github, it appears that the SessionId is generated with a class called SecureRandomSessionIdGenerator.
Earlier versions of this class hard-coded the alphabet that is pulled from to generate the sessionId. I don't know what version of Undertow is embedded within Wildfly 8.2.1, but if it's Undertow 1.4 or later, you can set the system property "io.undertow.server.session.SecureRandomSessionIdGenerator.ALPHABET" to use the character set you desire.
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/session/SecureRandomSessionIdGenerator.java -
2. Re: Wildfly 8.2.1 issue with JSESSIONID
jewellgm May 3, 2018 4:53 PM (in response to jewellgm)I didn't notice this before, but the class documentation states that the alphabet length has to be exactly 64 characters. The set of alphanumeric characters only provides 62, so you'd need to repeat 2 of them.
Having said that, according to this page, Wildfly 8.2.1 contains Undertow 1.1.8, so setting that system variable won't be of help to you.
-
3. Re: Wildfly 8.2.1 issue with JSESSIONID
n_nagraj321 May 4, 2018 2:29 AM (in response to jewellgm)Thanks Greg.
I have tried repeating the 2 characters but still getting the special characters in the JsessionID. Looks like this solution is not working
set "SERVER_OPTS=%SERVER_OPTS% -Dorg.apache.catalina.session.ManagerBase.SESSION_ID_ALPHABET=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345678901"
Thanks
Nagarjau
-
4. Re: Wildfly 8.2.1 issue with JSESSIONID
pferraro May 6, 2018 4:38 PM (in response to n_nagraj321)n_nagraj321 Please reread jewellgm 's initial reply again. The system property you are using is not used in WildFly.
-
5. Re: Wildfly 8.2.1 issue with JSESSIONID
n_nagraj321 May 7, 2018 6:11 AM (in response to pferraro)Hi @pferraro,
@jewellgm mentioned we need to use the "io.undertow.server.session.SecureRandomSessionIdGenerator.ALPHABET" only if the undertow version is >= 1.4 but the wildfly 8.2.1 is using 1.2 only. So we can't use it.
Thanks
Nagaraju
-
6. Re: Wildfly 8.2.1 issue with JSESSIONID
jewellgm May 7, 2018 12:41 PM (in response to n_nagraj321)If you are allowed to get the undertow source code from git, you can make the change to that class, compile, and regenerate a new undertow-core jar. You could then replace that jar in your wildfly deployment without problem. Of course, you would need to grab the same version of undertow that is being used by wildfly 8.2.1.