<p>I have a Jetty server running a Spring app on the <code>/app</code> context. The app uses sessions, so it sets a session cookie, which responds like this:</p> <pre class="prettyprint"><code>set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/app; HttpOnly </code></pre> <p>I need that cookie to have a path of <code>/</code> instead of the webapp's context. Plus I want to use secure cookies. I want this response:</p> <pre class="prettyprint"><code>set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/; HttpOnly; Secure </code></pre> <p>Where is the proper place to configure the session cookie? Does spring help with this? Should it be in <code>web.xml</code>? Or do I need to configure it in a container specific way, such as <code>jetty-web.xml</code>?</p> <p>I've tried a bunch of things, but nothing has worked so far. Below are some things I tried.</p> <hr> <h3>Attempt #1</h3> <p>Created <code>WEB-INF/jetty-web.xml</code> with the following:</p> <pre class="prettyprint"><code><Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Get name="sessionHandler"> <Get name="sessionManager"> <Set name="sessionCookie">MYJETTYSESSION</Set> <Set name="sessionPath">/</Set> <Set name="secureCookies" type="boolean">true</Set> <Set name="httpOnly" type="boolean">true</Set> </Get> </Get> </Configure> </code></pre> <p>This causes an exception to be thrown:</p> <pre class="prettyprint"><code>2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Set name="sessionPath">/</Set> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String) 2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String) 2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionHandler"><Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get></Get> java.lang.NoSuchMethodException: class </code></pre> <p>The full stack trace is in this gist.</p> <h3>Attempt #2</h3> <p>Created <code>WEB-INF/jetty-web.xml</code> with the following:</p> <pre class="prettyprint"><code><Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Call name="setInitParameter"> <Arg>org.eclipse.jetty.servlet.SessionCookie</Arg> <Arg>MYSESSIONID</Arg> </Call> <Call name="setInitParameter"> <Arg>org.eclipse.jetty.servlet.SessionIdPathParameterName</Arg> <Arg>mysessionid</Arg> </Call> <Call name="setInitParameter"> <Arg>org.eclipse.jetty.servlet.SessionPath</Arg> <Arg>/</Arg> </Call> </Configure> </code></pre> <p>This does not cause any exception, but the cookie is still <code>JSESSIONID</code> and contains the webapp context path <code>/app</code>.</p> <h3>Attempt #3</h3> <p>Updated <code>WEB-INF/web.xml</code> with the following:</p> <pre class="prettyprint"><code><context-param> <param-name>org.eclipse.jetty.servlet.SessionPath</param-name> <param-value>/</param-value> </context-param> <context-param> <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name> <param-value>MYSESS</param-value> </context-param> </code></pre> <p>This does not cause any exception, but the cookie is still <code>JSESSIONID</code> and contains the webapp context path <code>/app</code>.</p> <h3>Attempt #4</h3> <p>Updated <code>WEB-INF/web.xml</code> with the following:</p> <pre class="prettyprint"><code><session-config> <session-timeout>720</session-timeout> <cookie-config> <name>SZSESSION</name> <path>/</path> <http-only>true</http-only> <secure>true</secure> </cookie-config> </session-config> </code></pre> <p>This does not cause any exception, but the cookie is still <code>JSESSIONID</code> and contains the webapp context path <code>/app</code>.</p> <h3>Maven configuration</h3> <p>Note that I'm using Jetty Maven Plugin version 8.1.5.v20120716 and doing a <code>mvn jetty:run</code>:</p> <pre class="prettyprint"><code><jetty.maven.plugin.version>8.1.5.v20120716</jetty.maven.plugin.version> <spring.version>3.0.0.RELEASE</spring.version> ... <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>${jetty.maven.plugin.version}</version> <configuration> <scanIntervalSeconds>10</scanIntervalSeconds> <reload>manual</reload> <stopPort>${jetty.stop.port}</stopPort> <stopKey>foo</stopKey> <webAppConfig> <contextPath>/app</contextPath> </webAppConfig> </configuration> ... </plugin> </code></pre>

<p>Attempt #4 is on the right track.</p> <p>Providing I am reading this right, you're using the maven configuration on the context /app which means in your web.xml the / your settings <em>is</em> /app because that is the root of the context you're configuring.</p> <p>Put another way you can't configure the session for www.foo.com/ if you are only deploying into the www.foo.com/app context, imagine if someone else were deploying apps into that url, you can't just decide to make your session cookies apply to everyone operating under that url.</p>

How to change jsessionid cookie path to server root in Spring app on Jetty?

I have a Jetty server running a Spring app on the /app context. The app uses sessions, so it sets a session cookie, which responds like this:

set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/app; HttpOnly

I need that cookie to have a path of / instead of the webapp's context. Plus I want to use secure cookies. I want this response:

set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/; HttpOnly; Secure

Where is the proper place to configure the session cookie? Does spring help with this? Should it be in web.xml? Or do I need to configure it in a container specific way, such as jetty-web.xml?

I've tried a bunch of things, but nothing has worked so far. Below are some things I tried.

Attempt #1

Created WEB-INF/jetty-web.xml with the following:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
    <Get name="sessionHandler">
      <Get name="sessionManager">
        <Set name="sessionCookie">MYJETTYSESSION</Set>
        <Set name="sessionPath">/</Set>
        <Set name="secureCookies" type="boolean">true</Set>
        <Set name="httpOnly" type="boolean">true</Set>
      </Get>
    </Get>
</Configure>

This causes an exception to be thrown:

2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Set name="sessionPath">/</Set> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionHandler"><Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get></Get> java.lang.NoSuchMethodException: class

The full stack trace is in this gist.

Attempt #2

Created WEB-INF/jetty-web.xml with the following:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
    <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionCookie</Arg>
        <Arg>MYSESSIONID</Arg>
    </Call>
    <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionIdPathParameterName</Arg>
        <Arg>mysessionid</Arg>
    </Call>
    <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionPath</Arg>
        <Arg>/</Arg>
    </Call>
</Configure>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.

Attempt #3

Updated WEB-INF/web.xml with the following:

<context-param>
    <param-name>org.eclipse.jetty.servlet.SessionPath</param-name>
    <param-value>/</param-value>
</context-param>
<context-param>
    <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
    <param-value>MYSESS</param-value>
</context-param>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.

Attempt #4

Updated WEB-INF/web.xml with the following:

<session-config>
    <session-timeout>720</session-timeout>
    <cookie-config>
        <name>SZSESSION</name>
        <path>/</path>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.

Maven configuration

Note that I'm using Jetty Maven Plugin version 8.1.5.v20120716 and doing a mvn jetty:run:

<jetty.maven.plugin.version>8.1.5.v20120716</jetty.maven.plugin.version>
<spring.version>3.0.0.RELEASE</spring.version>
  ...
<plugin>
    <groupId>org.mortbay.jetty</groupId>
    <artifactId>jetty-maven-plugin</artifactId>
    <version>${jetty.maven.plugin.version}</version>
    <configuration>
        <scanIntervalSeconds>10</scanIntervalSeconds>
        <reload>manual</reload>
        <stopPort>${jetty.stop.port}</stopPort>
        <stopKey>foo</stopKey>
        <webAppConfig>
              <contextPath>/app</contextPath>
        </webAppConfig>
    </configuration>
       ...
</plugin>

What is Jsessionid in cookie?

JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.

How do I get session cookies in spring boot?

To set a cookie in Spring Boot, we can use HttpServletResponse class's method addCookie() . All you need to do is to create a new instance of Cookie class and add it to the response.

How do I set cookies in spring boot?

In a Spring Boot application, a cookie can be set by using the Cookie class and add in server response using HttpServletResponse class, similarly, a cookie can be retrieved by using @CookieValue annotation.

Attempt #4 is on the right track.

Providing I am reading this right, you're using the maven configuration on the context /app which means in your web.xml the / your settings is /app because that is the root of the context you're configuring.

Put another way you can't configure the session for www.foo.com/ if you are only deploying into the www.foo.com/app context, imagine if someone else were deploying apps into that url, you can't just decide to make your session cookies apply to everyone operating under that url.

How to change jsessionid cookie path to server root in Spring app on Jetty?

Tags:

java

spring

session-cookies

jetty

maven-jetty-plugin

Attempt #1

Attempt #2

Attempt #3

Attempt #4

Maven configuration

Tauren

People also ask

1 Answers

jesse mcconnell

Recent Activity

Donate For Us

How to change jsessionid cookie path to server root in Spring app on Jetty?

Tags:

java

spring

session-cookies

jetty

maven-jetty-plugin

Attempt #1

Attempt #2

Attempt #3

Attempt #4

Maven configuration

Tauren

People also ask

1 Answers

jesse mcconnell

Related questions

Recent Activity

Donate For Us