Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

jsessionid cookie value being reused?

843841Aug 23 2004 — edited May 8 2008

All,

I'm experiencing a session cookie problem when two apps reside on the same server, but different ports.

Suppose I have two browser windows which are different threads under the same process, such as tabs in Mozilla Firefox or a 'parent' and 'child' IE window. If I open two tabs, and navigate to http://myserver:7300/app1 in the first, and http://myserver:7400/app2 in the next, the browser appears to reuse the JSESSIONID value sent from the server in window 1. The headers show:

Window 1:

Request: GET /myapp1/login.do HTTP/1.1 (...)
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045; path=/

Window 2:
Request: GET /myapp1/login.do HTTP/1.1 (...)
Cookie: JSESSIONID=BqSbl14eLq9VxOTEwzKYuld1VB0Qr17n5rjKBJGxOT4EjpVFnCk9!1415971045
Response: HTTP/1.1 200 OK (...)
Set-Cookie: JSESSIONID=BqSi212dTTrbYATSSyDfGNmiwC0PNKiGJ7gN0zslyHxSpXTJOsVB!-1687983613; path=/

In the second window the server clearly sends a separate session id, but the browser sends back the cookie received in the first window. This has the effect of preventing the user from using both apps at once in a tabbed browser. The server gets the sessions confused and they get booted out of the first app when they log in to the seond.

Has anyone else seen a similar situation?

Thanks for your help,

Brian

Locked Post

New comments cannot be posted to this locked post.

Locked on Jun 5 2008

Added on Aug 23 2004

#java-servlet

4 comments

786 views