4 Replies Latest reply on Feb 5, 2007 2:57 PM by Burkhard Vogt

    Changing the name of the JSessionID cookie?

    Jason Powers Newbie

      Hate to ask what might be a simple question, but google has failed me.

      Is it possible to change the name of the JSessionid cookie to something else. This was relatively easy to do in weblogic, but I can't seem to find a setting for this in Jboss.

      Thanks,
      Jason

        • 1. Re: Changing the name of the JSessionID cookie?
          chris griffith Expert

          Jason,

          From what I can tell this can not be configured. I did find this that backs up my findings. http://mail-archives.apache.org/mod_mbox/tomcat-users/200407.mbox/%3C40E6DA8C.8040403@tngtech.com%3E

          cgriffith

          • 2. Re: Changing the name of the JSessionID cookie?
            Jason Powers Newbie

            Ok, so I'm not going nuts.

            Here's what I'm doing:


            Apache front end to the site

            JBoss portal (routed by apache)

            Legacy app in Iframe portlet on another jboss server.


            Just trying to make sure that the portal session doesn't stomp on the legacy apps session. It looks like jboss is tolerant of this (reusing the cookie if it exists) but I'm not sure yet.

            Thanks,
            Jaon

            • 3. Re: Changing the name of the JSessionID cookie?
              Brian Stansberry Master

              If your Connector element in server.xml has the emptySessionPath attribute set to true, a session cookie emitted to one webapp will be presented and accepted by another. By default, this attribute is true in JBoss.

              See
              http://www.jboss.com/index.html?module=bb&op=viewtopic&t=74446 for a somewhat related discussion.

              • 4. Re: Changing the name of the JSessionID cookie?
                Burkhard Vogt Newbie

                Is it reasonable to think about modifying the tomcat and jbossAS sources?

                the current tomcat version 5.5.20 shows:

                Searching for: jsessionid
                connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1241): if( file.indexOf(";jsessionid=" + session.getId()) >= 0 )
                connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1313): if( sb.length() > 0 ) { // jsessionid can't be first.
                connectors\coyote\src\java\org\apache\coyote\tomcat4\CoyoteResponse.java(1314): sb.append(";jsessionid=");
                connectors\jk\native\common\jk_global.h(176): #define JK_SESSION_IDENTIFIER "JSESSIONID"
                connectors\jk\native\common\jk_global.h(177): #define JK_PATH_SESSION_IDENTIFIER ";jsessionid"
                connectors\jk\xdocs\changelog.xml(521): jsessionid was removed. (mturk)
                connectors\jk\xdocs\changelog.xml(582): Check all JSESSIONID cookies for a valid jvmRoute. If you have multiple Tomcats
                container\catalina\src\share\org\apache\catalina\Globals.java(271): public static final String SESSION_COOKIE_NAME = "JSESSIONID";
                container\catalina\src\share\org\apache\catalina\Globals.java(278): public static final String SESSION_PARAMETER_NAME = "jsessionid";
                container\catalina\src\share\org\apache\catalina\authenticator\Constants.java(42): public static final String SINGLE_SIGN_ON_COOKIE = "JSESSIONIDSSO";
                container\catalina\src\share\org\apache\catalina\connector\CoyoteAdapter.java(315): redirectPath = redirectPath + ";jsessionid="
                container\catalina\src\share\org\apache\catalina\connector\Request.java(2247): * Configures the given JSESSIONID cookie.
                container\catalina\src\share\org\apache\catalina\connector\Request.java(2249): * @param cookie The JSESSIONID cookie to be configured
                container\catalina\src\share\org\apache\catalina\connector\Response.java(1418): if( file.indexOf(";jsessionid=" + session.getIdInternal()) >= 0 )
                container\catalina\src\share\org\apache\catalina\connector\Response.java(1551): if( sb.length() > 0 ) { // jsessionid can't be first.
                container\catalina\src\share\org\apache\catalina\connector\Response.java(1552): sb.append(";jsessionid=");
                container\catalina\src\share\org\apache\catalina\core\ApplicationHttpRequest.java(551): * Returns true if the request specifies a JSESSIONID that is valid within
                container\catalina\src\share\org\apache\catalina\core\ApplicationHttpRequest.java(554): * @return true if the request specifies a JSESSIONID that is valid within
                container\catalina\src\share\org\apache\catalina\realm\RealmBase.java(946): file.append(";jsessionid=");
                container\modules\cluster\src\share\org\apache\catalina\cluster\session\JvmRouteBinderValve.java(48): * bad with apache at my windows.). We rewrite now the jsessionid
                container\modules\cluster\src\share\org\apache\catalina\cluster\session\JvmRouteBinderValve.java(53): * As jsessionid was created by cookie, the change JSESSIONID cookie resend with next response.
                container\modules\cluster\src\share\org\apache\catalina\cluster\session\mbeans-descriptors.xml(6): <mbean name="JvmRouteBinderValve" description="mod_jk jvmRoute jsessionid cookie backup correction" domain="Catalina"
                container\modules\ha\src\share\org\apache\catalina\ha\session\JvmRouteBinderValve.java(48): * bad with apache at my windows.). We rewrite now the cookie jsessionid
                container\modules\ha\src\share\org\apache\catalina\ha\session\mbeans-descriptors.xml(6): <mbean name="JvmRouteBinderValve" description="mod_jk jvmRoute jsessionid cookie backup correction" domain="Catalina"
                container\tester\src\tester\org\apache\tester\TestClient.java(408): "JSESSIONID=" + sessionId);
                container\tester\src\tester\org\apache\tester\TestClient.java(410): log("INPH: Cookie: JSESSIONID=" +
                container\tester\src\tester\org\apache\tester\TestClient.java(600): pw.println("Cookie: JSESSIONID=" + sessionId);
                container\tester\src\tester\org\apache\tester\TestClient.java(602): log("INPH: Cookie: JSESSIONID=" +
                container\tester\src\tester\org\apache\tester\TestClient.java(799): int equals = value.indexOf("JSESSIONID=");
                container\tester\src\tester\org\apache\tester\TestClient.java(802): value = value.substring(equals + "JSESSIONID=".length());
                container\webapps\docs\changelog.xml(972): <bug>34749</bug>: jsessionid dropped on trailing slash (/) redirect (remm)
                container\webapps\docs\cluster-howto.xml(379): <br/><b>Example</b> configure cluster with cluster failover jsessionid support. In this
                container\webapps\docs\cluster-howto.xml(976): now detect the takeover and rewrite the jsessionid
                container\webapps\docs\cluster-howto.xml(981): As jsessionid was created by cookie, the change JSESSIONID cookie resend with next response.
                jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(143): * is encoded as a URL "path parameter" beginning with "jsessionid=".
                jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(144): * We thus remove anything we find between ";jsessionid=" (inclusive)
                jasper\src\share\org\apache\jasper\tagplugins\jstl\Util.java(152): while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
                Found 37 occurrence(s) in 18 file(s)


                and jbossAS has:
                Searching for: jsessionid
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\console\src\main\org\jboss\console\navtree\AppletBrowser.java(87): sessionId = "jsessionid=" + sessionId;
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(229): // Get the state for the JSESSIONID
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(231): // Get the JSESSIONID so we can reset the host
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(237): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\BaseTest.java(244): log.info("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(80): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(83): log.debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(113): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(125): assertTrue("Saw JSESSIONID", sessionID != null);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\FormAuthFailoverTestCase.java(126): log.debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(84): // Get the state for the JSESSIONID
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(92): // Get the JSESSIONID so we can reset the host
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(98): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(101): log.info("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(160): // Get the state for the JSESSIONID
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(162): // Get the JSESSIONID so we can reset the host
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(168): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\test\WebSessionTestCase.java(171): log.info("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(53): url = url + ";jsessionid=" + sessionId;
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(77): hdr = method.getResponseHeader("X-TestJSessionID");
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(78): assertNotNull("Got the X-TestJSessionID header", hdr);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\cluster\web\jk\test\JvmRouteURLRewritingTestCase.java(93): String expectedURL = "accessSession.jsp;jsessionid=" + id;
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(131): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(134): log.debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(216): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(219): log.debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(248): if( k.getName().equalsIgnoreCase("JSESSIONIDSSO") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(257): assertTrue("Saw JSESSIONIDSSO", ssoID != null);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(258): log.debug("Saw JSESSIONIDSSO="+ssoID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(268): // Now try getting the war2 index using the JSESSIONIDSSO cookie
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\ClusteredSingleSignOnUnitTestCase.java(297): // Now try getting the war1 index using the JSESSIONIDSSO cookie
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(94): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(97): getLog().debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(136): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(139): getLog().debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(194): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(197): getLog().debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(266): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(269): getLog().debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(304): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\FormAuthUnitTestCase.java(307): getLog().debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(66): if( k.getName().equalsIgnoreCase("JSESSIONID") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(69): log.debug("Saw JSESSIONID="+sessionID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(99): if( k.getName().equalsIgnoreCase("JSESSIONIDSSO") )
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(111): assertTrue("Saw JSESSIONIDSSO", ssoID != null);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(112): log.debug("Saw JSESSIONIDSSO="+ssoID);
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\main\org\jboss\test\web\test\SSOBaseCase.java(122): // Now try getting the war2 index using the JSESSIONIDSSO cookie
                E:\Install\jBoss\ApplicationServer\jboss-4.0.4.GA-src\testsuite\src\resources\cluster\http\http-jk\accessSession.jsp(3): response.setHeader("X-TestJSessionID", session.getId());
                Found 48 occurrence(s) in 9 file(s)


                Thanks in advance!

                Burkhard