3 Replies Latest reply on Sep 2, 2014 9:02 PM by Peter Tipping

    How to stop JSESSIONID being shared between two domains

    Peter Tipping Newbie

      Let me start by being 100% honest.

      I am NOT an experienced JBoss or WildFly developer or user.

      I am muddling my way through, since being made the Systems Administrator.  The consultant who set it all up, has long since left the building.

       

      Now, on to the problem being experienced:

       

      We are using WildFly 8.1.0 Final.

      We are developing multiple concurrent streams.

      On one RedHat server we have installed 4 WildFly domains, each deployed with a different version.  For ease, we will deal only with domain1 and domain2 in this example.

      Each domain has it's own set of ports.  Each domain individually works perfectly, as expected.

       

      The problems arise when two domains are logged onto concurrently, from the same test PC.

      Once the first domain (domain1) is logged onto, a JSESSIONID cookie is created.

      As soon as you log onto the second domain (domain2), the value of the JSESSIONID cookie is overwritten.

       

      Obviously this effectively logs you off domain1.

       

      Is there a way to configure WildFly to use a different JSESSIONID cookie, relevant to the port?

       

      Any and all suggestions are most welcome.


      Regards,

      Peter.

        • 1. Re: How to stop JSESSIONID being shared between two domains
          jaikiran pai Master

          You can have a different and unique cookie name configured for either of those setups. See this post for how to do it https://developer.jboss.org/message/875915#875915

          • 2. Re: How to stop JSESSIONID being shared between two domains
            Tomaz Cerar Master

            Beyond what Jaikiran pointed out, every application context for example /app1 and /app2 get different session cookie which is limited to their context.

             

            So can you post your undertow subsystem config here so we can see how you current config looks like.

            • 3. Re: Re: How to stop JSESSIONID being shared between two domains
              Peter Tipping Newbie

              Tomaz,

               

              I believe this is the section you are referring to, which is under the "full-ha" profile, which is what we are using.

               

                          <subsystem xmlns="urn:jboss:domain:undertow:1.1">
                              <buffer-cache name="default"/>
                              <server name="default-server">
                                  <http-listener name="default" socket-binding="http"/>
                                  <ajp-listener name="ajp" socket-binding="ajp"/>
                                  <host name="default-host" alias="localhost">
                                      <location name="/" handler="welcome-content"/>
                                      <filter-ref name="server-header"/>
                                      <filter-ref name="x-powered-by-header"/>
                                  </host>
                              </server>
                              <servlet-container name="default">
                                  <jsp-config/>
                              </servlet-container>
                              <handlers>
                                  <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
                              </handlers>
                              <filters>
                                  <response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
                                  <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
                              </filters>
                          </subsystem>