Menu
Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on user's login?
Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent situation, when same user can start two different sessions on different servers.
P.S: all this is about Amazon EC2
652
JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.
Sessions are stored on the server. They can be referenced by a cookie or parameter (JSESSIONID.) It is better not to use the parameter because then the session id shows up in logs, etc and someone could potential hijack it. 2) The session expires after a set period of inactivity (usually 30 or 60 minutes.)
There is a better way to do this: See the tomcat manual on session replication in cluster
61
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
