WebSphere JSESSIONID cookie overwrite between two apps on the same domain (different ports / context roots)

Solution 1:

Those two apps are unaware of each other since they're in separate profiles. So I expect the second one sees a session ID it doesn't recognize, assumes it's an expired one, and creates a new one.

You can change one application's cookie name to something other than JSESSIONID, or you can change its path so that it is only sent back for /app1 or /app2.

Set this either server-wide under Servers > Server name > Session Management > Enable Cookies or for the particular application(s) under Enterprise Applications > Application name > Session Management > Enable Cookies. If you choose the latter, you also have to check Override session management.

Solution 2:

Maybe you should set an application-specific cookie path so that you restrict the URLs to which a cookie will be sent.

This can be done by enabling Override session management in Enterprise Applications > AppName > Session management and choosing Enable cookies > Cookie path > Set cookie path to be equal to the context root of the application, e.g. equal to app1 or app2.

In my opinion this is the most preferable way to isolate cookies from apps running on the same host.
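
Why the overwrite happens and why the path setting stops it, as an added example that is not part of either answer: a minimal model of browser cookie storage under RFC 6265, where a cookie is keyed by name, host and path and the port plays no part. The host name `host.example`, ports 9080/9081, the session values and `Path=/` as the starting cookie path are constructed assumptions.

```javascript
// Minimal model of browser cookie storage per RFC 6265: a cookie is identified
// by (name, host, path). The port is not part of the key.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Default path when the Set-Cookie header carries no Path attribute.
function defaultPath(requestPath) {
  const i = requestPath.lastIndexOf("/");
  return i <= 0 ? "/" : requestPath.slice(0, i);
}

function setCookie(jar, url, header) {
  const u = new URL(url);
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  let path = defaultPath(u.pathname);
  for (const a of attrs) {
    const [k, v = ""] = a.split("=");
    if (k.toLowerCase() === "path" && v.startsWith("/")) path = v;
  }
  // u.hostname excludes the port, so :9080 and :9081 share one key space.
  jar.set(`${name}|${u.hostname}|${path}`, { name, value, host: u.hostname, path });
}

function cookieHeader(jar, url) {
  const u = new URL(url);
  return [...jar.values()]
    .filter((c) => c.host === u.hostname && pathMatches(u.pathname, c.path))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed scenario: two apps on host.example, ports 9080 and 9081.
function scenario(path1, path2) {
  const jar = new Map();
  setCookie(jar, "http://host.example:9080/app1/login", `JSESSIONID=AAA; Path=${path1}`);
  setCookie(jar, "http://host.example:9081/app2/login", `JSESSIONID=BBB; Path=${path2}`);
  return {
    app1: cookieHeader(jar, "http://host.example:9080/app1/home"),
    app2: cookieHeader(jar, "http://host.example:9081/app2/home"),
  };
}

console.log(scenario("/", "/"));         // both apps receive JSESSIONID=BBB
console.log(scenario("/app1", "/app2")); // each app receives only its own ID
```

Giving one application a different cookie name has the same effect in this model, because the name is part of the storage key.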