Change session ID cookie name

Is there a way in Tomcat to change the cookie name for the session ID at the application or the server level? Instead of having JSESSIONID, to change it to something else. If 2 Tomcat servers are running on the same machine and the user goes between the 2 servers in the same browser window (process), then the ID from Tomcat A's session gets overwritten with Tomcat B's session ID, so the original A session is lost when going back to A after having been at B.

URL rewriting and session cookies are two mutually exclusive ways of identifying the user.
What you want to do is find the current session of the user and use that one instead of creating a new session each time the user changes machines. This is a bit of a problem because each Tomcat server keeps a separate list of SessionIDs to compare to the user's SessionID.
You can kind of get around this problem by having the first server create a cookie that is visible to the entire domain, and then each server can fetch that particular cookie rather than looking for an explicit SessionID. For example...
Cookie cookie = new Cookie( "bsampieri.com", getUniqueString() );
cookie.setDomain( ".bsampieri.com" );
cookie.setMaxAge( -1 );
response.addCookie( cookie );And then each server checks for a cookie called "bsampieri.com", gets the identification string from that, and compares it with your list of "valid users" or shopping cart or whatever.

Similar Messages

  • Change session tracking cookie name

    Hello,
    Is there a way to change the default JSESSIONID cookie name to some thing different for session tracking? I've searched around but have not found anything on this subject.
    Thanks.

    Are the web applications deployed at '/' on each server or are they deployed using unique context paths such as /app1, /app2 etc?
    Which of the following represents how you access each app through the reverse proxy server?
    a) http://app1.foo.com/
    http://app2.foo.com/
    where app1.foo.com, app2.foo.com all map to the proxy server which then reverse proxies each URL to the corresponding backend server/app
    or
    b) http://foo.com/app1
    http://foo.com/app2
    where foo.com maps to the proxy server and the proxy server reverse proxies /app1 to one server, /app2 to another and so on

  • Change JSESSIONID Cookie Name

    Can anyone provide a means for changing the JSESSIONID cookie name in IWS 6 to something else?
    I can not locate a mechanism for doing this anywhere.

    Thankyou Sultal for the response.
    Actually we are migrating the application server from Weblogic5.1 to Sun application server 8.2. The client is a mobile client and it sends the Cookie as 'JSESSIONID=session_id_val&WeblogicSession=session_id_val' as parameters, not as request header.It worked fine for Weblogic5.1 but not in Sun Application Server.
    To make it clear :
    Weblogic           :     request.getsession(false) = sessionObj@value
    Sun Application Server      :     request.getsession(false) = null
    Sun Application Server      :     request.getParameter("JSESSIONID") = session_id_val
    In the Weblogic5.1 we have set the cookie & session parameters in the weblogic.properties file as:
    weblogic.httpd.session.cookies.enable=true
    weblogic.httpd.session.cookie.name=WebLogicSession
    weblogic.httpd.session.neverReadPostData=false
    weblogic.httpd.session.timeoutSecs=120
    In case of Sun application server , JSESSIONID is not coming as a cookie , request.getsession(false) is returning null value.Is there a way to initialize the session with JSESSIONID request parameter?

  • Deployment plan cookie-name not applying

    I have a ear containing multiple wars. The EAR has a weblogic-application.xml containing:
    <?xml version="1.0" encoding="UTF-8"?>
    <weblogic-application xmlns="http://www.bea.com/ns/weblogic/90" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/920/weblogic-application.xsd">
    <application-param>
    <param-name>webapp.encoding.default</param-name>
    <param-value>UTF-8</param-value>
    </application-param>
    <session-descriptor id="ID000193">
    <cookie-name>ZSESSIONID</cookie-name>
    <timeout-secs>900</timeout-secs>
    <id-length>14</id-length>
    <sharing-enabled>true</sharing-enabled>
    <url-rewriting-enabled>false</url-rewriting-enabled>
    </session-descriptor>
    </weblogic-application>
    That is the only place the cookie-name ZSESSIONID is mentioned in any config file in the ear.
    I have a deployment plan that has in part:
    <deployment-plan xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-deployment-plan.xsd" global
    -variables="false">
    <application-name>myapp.ear</application-name>
    <variable-definition>
    <variable>
    <name>SessionDescriptor_CookieName_125796842519611</name>
    <value>XSESSIONID</value>
    </variable>
    </variable-definition>
    <module-override>
    <module-name>myapp.ear</module-name>
    <module-type>ear</module-type>
    <module-descriptor external="false">
    <root-element>weblogic-application</root-element>
    <uri>META-INF/weblogic-application.xml</uri>
    <variable-assignment>
    <name>SessionDescriptor_CookieName_125796842519611</name>
    <xpath>/weblogic-application/session-descriptor/cookie-name</xpath>
    <operation>replace</operation>
    </variable-assignment>
    </module-descriptor>
    <module-descriptor external="false">
    <root-element>application</root-element>
    <uri>META-INF/application.xml</uri>
    </module-descriptor>
    </module-override>
    The change is not having any effect. I know that the plan is being applied since I see "References were found in deployment plan for module ..." in my startup and if I intentionally syntax error the file it fails to launch. This is Weblogic 10.0 MP1 / java 1.5. Any suggestions on how to troubleshoot this or what might cause it?
    Edited by: jhmartin on Dec 4, 2009 11:48 AM

    Hi,
    I have developed a Simple TestCase with Step By Step Instructions It's Working fine for me in WLS-10.3. Please let me know if you are following any thing else...
    http://jaysensharma.wordpress.com/2009/12/16/updating-cookiename-using-plan-xml/
    Thanks
    Jay SenSharma
    http://jaysensharma.wordpress.com (Wonders of WebLogic Are Here)
    Edited by: Jay SenSharma on Dec 16, 2009 1:23 PM

  • Problem Changing session cookie name

    Hi,
    I am running Weblogic 5.1 service sp 6
    I attempted to change the name of the weblogic
    session cookie by modifying the following
    parameter in weblogic.properties
    weblogic.httpd.session.cookie.name=MyCookie
    I also noticed that even if I hust uncomment the line
    weblogic.httpd.session.cookie.name=WebLogicSession
    my application seems to timeout within a few minutes.
    However, when I do this I noticed that my session times out within 5
    minutes.
    I have my timeout set with
    weblogic.httpd.session.timeoutSecs=14400
    Thanks,
    Bill

    I have 2 diff app on one app server. If I change it for the app server, it will be applied to all applications that are running on this server. Right?
    In the servlet specification is written :
    The name of the session tracking cookie must be JSESSIONID.
    My question is : Is there is a possible workaround to change session coockie name on application level, not on app server level?

  • Changing cookie name in Identity Server hangs login

    I changed the cookie name under AMConfig.properties to something other than iPlanetDirectoryPro. After restarting Portal 6.0, the login just loops. It seems to be hung -- but don't know the reason.
    Has anyone experienced this -- or could someone try this out real quick and see if they have the same problem?
    The file I changed was /opt/SUNWam/lib/AMConfig.properties. The line is com.iplanet.am.cookie.name=iPlanetDirectoryPro
    Just change it to com.iplanet.am.cookie.name=iPlanetDirectoryPro1
    Do I need to change anything else for the login to work? Any insight would help.
    John

    You also need to change the comment name in the tooll and then 'use as
    default' option ....
    Jon

  • Configuring Session Cookie Name in Portal DAD

    I have some questions about the proper way to specify the Session Cookie Name (PlsqlSessionCookieName) in the Portal DAD.
    Here's a description of the environment: There are 2 portal servers (portal1, portal2) and 2 infrastructure servers (infra1, infra2). portal1 is tied directly to infra1, and portal2 is tied to infra2. A hardware load-balancer directs traffic from a URL "www.companyname.com" to either portal1 or portal2. The infrastructure databases are kept in synch via a nightly export/import. There is no clustering.
    What should I set the Session Cookie Names to in the Portal DADs? Should they be left blank and thus default to the DAD name? If not, should they be set to identical (both to "portal") or unique values ("portal1" and "portal2")?
    I have read the dads.README file, the notes in the Edit DAD page in Enterprise Manager, and some other documentation and I am confused as to the proper settings.
    Thanks!
    Brian

    It looks like distinct session cookie names are needed.
    Please refer to Oracle HTTP Server Administrator's Guide 10g Release 2 (10.1.2), Section 8 Understanding Modules. Seach for PlsqlSessionCookieName.

  • Cookie name in 5.1 SP8

    Can anyone confirm that the session cookie naming has changed in SP8 -
              we're seeing a cookie called WeblogicSession-VBS which used to just be
              called WeblogicSession. Our web application has a context name of
              "VBS"...
              No one has changed the cookie name setting in the weblogic.properties
              file so it's not that...
              Cheers,
              -Dominic
              

    Yes.
              Now the format is [WebLogicSession]-[WebAppName]
              I think this fix has introduced some other problems in a clustered
              environment.
              In the next Service Pack you will have a single sign-on for webapp's and
              the cookie format
              will again reverts back to WebLogicSession or whatever you specify in the
              properties file.
              Kumar
              Dominic Tulley wrote:
              > Can anyone confirm that the session cookie naming has changed in SP8 -
              > we're seeing a cookie called WeblogicSession-VBS which used to just be
              > called WeblogicSession. Our web application has a context name of
              > "VBS"...
              >
              > No one has changed the cookie name setting in the weblogic.properties
              > file so it's not that...
              >
              > Cheers,
              >
              > -Dominic
              

  • Bad cookie name ..IllegalArgumentException..

    Hello Sir / mam / Friends...
    I am using tomcat 5.0 ..I am getting the following error especially when date changes..Can any body plz help me.?
    May 23, 2004 12:24:27 AM org.apache.coyote.tomcat5.CoyoteAdapter parseCookies
    SEVERE: Bad Cookie Name: Path /Value: /java.lang.IllegalArgumentException: Cookie name "Path" is a reserved token
    at javax.servlet.http.Cookie.<init>(Cookie.java:185)
    at org.apache.coyote.tomcat5.CoyoteAdapter.parseCookies(CoyoteAdapter.java:431)
    at org.apache.coyote.tomcat5.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:332)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:204)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:732)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:619)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:688)
    at java.lang.Thread.run(Thread.java:534)
    May 23, 2004 12:24:31 AM org.apache.coyote.tomcat5.CoyoteAdapter parseCookies
    SEVERE: Bad Cookie Name: Path /Value: / java.lang.IllegalArgumentException: Cookie name "Path" is a reserved token
    at javax.servlet.http.Cookie.<init>(Cookie.java:185)
    at org.apache.coyote.tomcat5.CoyoteAdapter.parseCookies(CoyoteAdapter.java:431)
    at org.apache.coyote.tomcat5.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:332)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:204)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:732)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:619)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:688)
    at java.lang.Thread.run(Thread.java:534)

    First of all Thanks for u r help...
    My application is working perfectly fine ..Appln is related to jsp/servlets and java beans.I have nowhere created cookies in my entire application..Its the default cookies that gets created .The problem is whenever you try to access the site it works fine ..no problme in that..but when the date on the server changes then it gave me the above exception..So i think when date changes it is giving me prob..rest of the day whenever I try to access my application it is working fine...I have only used session object i.e its method setAttribute() and getAttribute()..thats all......Is this related to deafult cookies ..I am using Tomcat 5.0 ...Can you plz help me in this...
    Thanks in advance
    Bye

  • Cookie Name

    I have a lot applications in WLS 7, and the CookieName isn't seted, so, weblogic assigns the default name for the generated cookies, this situation cause that the applications lost the sessions.
              For to resolve this problem, I has added in the weblogic.xml file the following instructions:
              <session-descriptor>
              <session-param>
              <param-name>CookieName</param-name>
              <param-value>HubControl_JSESSIONID</param-value>
              </session-param>
              </session-descriptor>
              so, each application have her own cookieName, but (here is the problem)
              With this configuration cause the following problem:
              In my application I have the sentences:
              xmlReply = api.SendAndReceive(xmlQuery);
              and when the XML is generated:
              HttpSession ses = request.getSession();
              ses.setAttribute("xmlReply", xmlReply);
              After that, in other JSP page the XML is taked and parsed:
              String xmlReplyExt = request.getParameter("xmlReply");
              InputSource source = new InputSource(new StringReader(xmlReply));
              DOMParser parser = new DOMParser();
              parser.parse(source);
              Document doc = parser.getDocument();
              Finally, in this step the application throw a paser exception by:
              Error: “The element type "FldDelim" must be terminated by the matching end-tag”
              And if I look into my XML:
              <InformationDesc>Recuperacion de arbol</InformationDesc>
              <FldDelim>;HubControl_JSESSIONID=D8hTJ06fV8yWwltkwdh1LdGpgGh45TXZXlRq2J6TdQ2sMph3K3Gh!1691281523?Tipo=RSS; ;01-01-1900 00:00:00; ;0;;;1;1;1;1;1;1;1;1</Rows>
              <Rows>2;Booking ;2;BK_SATO ;15;BK_SATO_SB ;Sales Briefing;1;H;HTTP ;1;23-03-2013 17:30:48;-1;/booking/administration/briefSale1.jsp; ;01-01-1900 00:00:00;1.00.0000 ;0;;;1;1;1;1;1;1;1;1</Rows>
              And the Tag FldDelim is not closed (this cause the exception).
              The question is:
              Why Weblogic Server 7 put in my XML the cookie session name and not close the XML?
              Why weblogic re-write my XML?

    Yes.
              Now the format is [WebLogicSession]-[WebAppName]
              I think this fix has introduced some other problems in a clustered
              environment.
              In the next Service Pack you will have a single sign-on for webapp's and
              the cookie format
              will again reverts back to WebLogicSession or whatever you specify in the
              properties file.
              Kumar
              Dominic Tulley wrote:
              > Can anyone confirm that the session cookie naming has changed in SP8 -
              > we're seeing a cookie called WeblogicSession-VBS which used to just be
              > called WeblogicSession. Our web application has a context name of
              > "VBS"...
              >
              > No one has changed the cookie name setting in the weblogic.properties
              > file so it's not that...
              >
              > Cheers,
              >
              > -Dominic
              

  • XSQL Session and Cookies

    Hi, Steven,
    I have a question about cookies parameters in include-parameters.
    When set the following in my xsql file:
    <xsql:set-session-param name="current_user" value="{@sessionid}"/>
    <xsql:include-param name="mode"/>
    <xsql:include-request-params/>
    In the xml output, it looks like this.
    <request>
    <parameters>
    </parameters>
    <session/>
    <cookies/>
    </request>
    How come the session and cookies values are not appeared in XML file? However, if I reload the xsql file, the session and cookies values are there. Any idea what might be wrong or it is what should be?
    Thanks in advance.
    Julie Zhu

    I'd expect the cookies not to show up until the page request after the one in which they are set. This is correct since setting the cookies is something that's done on the response. Reading the cookies is reading them from the request.
    Regarding the session variables, it's
    always important to say what Web Servlet / Servlet Engine you're using XSQL with. Perhaps the setting of Servlet session variables behaves differently on different servers.

  • How to change web-app display name within EAR file?

    Currently we are deploying an EAR file (which contains a web-app and an EJB) per
    BEA recommendations. The web-app shows up on the admin console with '/' as the
    name. Is there anyway to change this to the name I want?
    thx,
    Matt

    FYI - here is the entire content of applicaiton.xml in the EAR file we deploy:
    <!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application
    1.3//EN' 'http://java.sun.com/dtd/application_1_3.dtd'>
    <application>
    <display-name>RVApp</display-name>
    <module>
    <ejb>RVTrackingBean</ejb>
    </module>
    <module>
    <web>
    <web-uri>RVWebApp</web-uri>
    <context-root>/</context-root>
    </web>
    </module>
    </application>
    "Erik Johnson" <[email protected]> wrote:
    >
    No, you can't change that in the console. It's defined in the application's
    application.xml
    descriptor file.
    erik
    "Matt Savino" <[email protected]> wrote:
    Currently we are deploying an EAR file (which contains a web-app and
    an EJB) per
    BEA recommendations. The web-app shows up on the admin console with'/'
    as the
    name. Is there anyway to change this to the name I want?
    thx,
    Matt

  • HT5621 I bought my iMac from someone. Everything was changed over to my name however when I try to update programs it only shows the old users apple ID and I can't update. How do I change this so I can update the applications and have everything fully und

    I bought my iMac from someone. Everything was changed over to my name however when I try to update programs it only shows the old users apple ID and I can't update. How do I change this so I can update the applications and have everything fully under me?

    The first thing to do with a second-hand computer is to erase the internal drive and install a clean copy of OS X. You — not the previous owner — must do that. How you do it depends on the model, and on whether you already own another Mac. If you're not sure of the model, enter the serial number on this page. Then find the model on this page to see what OS version was originally installed.
    1. You don't own another Mac.
    If the machine shipped with OS X 10.4 or 10.5, you need a boxed and shrink-wrapped retail Snow Leopard (OS X 10.6) installation disc from the Apple Store or a reputable reseller — not from eBay or anything of the kind. If the machine has less than 1 GB of memory, you'll need to add more in order to install 10.6. Preferably, install as much memory as it can take, according to the technical specifications.
    If the machine shipped with OS X 10.6, you need the installation media that came with it: gray installation discs, or a USB flash drive for some MacBook Air models. For early MBA models, you may need a USB optical drive or Remote Disc. You should have received the media from the previous owner, but if you didn't, order replacements from Apple. A retail disc, or the gray discs from another model, will not work.
    To boot from an optical disc or a flash drive, insert it, then reboot and hold down the C key at the startup chime. Release the key when you see the gray Apple logo on the screen.
    If the machine shipped with OS X 10.7 or later, you don't need media. It should boot into Internet Recovery mode when you hold down the key combination option-command-R at the startup chime. Release the keys when you see a spinning globe.
    2. You do own another Mac.
    If you already own another Mac that was upgraded in the App Store to the version of OS X that you want to install, and if the new Mac is compatible with it, then you can install it. Use Recovery Disk Assistant to create a bootable USB device and boot the new Mac from it by holding down the C key at the startup chime. Alternatively, if you have a Time Machine backup of OS X 10.7.3 or later on an external hard drive (not a Time Capsule or other network device), you can boot from that by holding down the option key and selecting it from the row of icons that appears. Note that if your other Mac was never upgraded in the App Store, you can't use this method.
    Once booted in Recovery, launch Disk Utility and select the icon of the internal drive — not any of the volume icons nested beneath it. In the Partition tab, select the default options: a GUID partition table with one data volume in Mac OS Extended (Journaled) format. This operation will permanently remove all existing data on the drive.
    After partitioning, quit Disk Utility and run the OS X Installer. You will need the Apple ID and password that you used to upgrade. When the installation is done, the system will automatically reboot into the Setup Assistant, which will prompt you to transfer the data from another Mac, its backups, or from a Windows computer. If you have any data to transfer, this is usually the best time to do it.
    Then run Software Update and install all available system updates from Apple. To upgrade to a major version of OS X newer than 10.6, get it from the Mac App Store. Note that you can't keep an upgraded version that was installed by the previous owner. He or she can't legally transfer it to you, and without the Apple ID you won't be able to update it in Software Update or reinstall, if that becomes necessary. The same goes for any App Store products that the previous owner installed — you have to repurchase them.
    3. Other issues
    If you see a lock screen when trying to boot from installation media or in Recovery mode, then a firmware password was set by the previous owner, or the machine was remotely locked via iCloud. You'll either have to contact the owner or take the machine to an Apple Store or another authorized service provider to be unlocked. You may be asked for proof of ownership.
    If the previous owner "accepted" the bundled iLife applications (iPhoto, iMovie, and Garage Band) in the App Store so that he or she could update them, then they're linked to that Apple ID and you won't be able to download them without buying them. Reportedly, Mac App Store Customer Service has sometimes issued redemption codes for these apps to second owners who asked.
    If the previous owner didn't deauthorize the computer in the iTunes Store under his Apple ID, you wont be able to  authorize it immediately under your ID. In that case, you'll either have to wait up to 90 days or contact iTunes Support.
    When trying to create a new iCloud account, you might get a failure message: "Account limit reached." Apple imposes a limit of three iCloud account setups per device. Erasing the device does not reset the limit. You can still use an account that was created on another device, but you won't be able to create a new one. Contact iCloud Support for more information.

  • Changing my apple ID name doesn't work

    Hi all,
    I have following problem which is quite annoying ... So, when I log in on the developer site, my first name is: ezfzsd (which I can't seem to find anywhere on my account)
    When I go to my my apple ID account my first and last name are filled in correctly. If I change both, my last name is edited (as it should be) but my
    the word 'ezfzsd' doesn't change at all. Whatever I do, it keeps displaying the wrong name.
    Does anyone know what the problem might be? Or how to fix this?
    Thanks!

    No idea what  "My apple ID account doesn't work on my itunes but it does on the web" means.
    Please explain

  • How do I change an e-mail name reserved for iCloud?

    How do I change an e-mail name reserved for iCloud?

    Not sure what you mean, do you have an iCloud account that you wish to change the email address of?
    Please explain more fully.

Maybe you are looking for