We use wildfly 8.2 and most of the pages are served over HTTPS. JsessionID is marked as secure. Due to nature of the application few pages are served over HTTP. Since the JSESSIONID is marked as secure, HTTP requests will not have access to JSESSIONID cookie and wildfly creates new session ID which overwrites HTTPS JSESSIONID.
Is this possible to use different PATH values in JSESSIONID cookie to differentiate between HTTPS & HTTP request, so that both session lives.
JSESSIONID=JPHxsxKKkIfVI_MYk6Idm-tK.abcdefg; path=/server/main; HttpOnly; Secure;
JSESSIONID=qwersdfwerwerwerwerwe-tK.abcdefg; path=/server/main/specificPage; HttpOnly;
Thanks in advance.
yes it is possible.
you can configure cookies in web.xml