Changing cookie JSESSIONID name

Question

I have a requirement of having to run multiple tomcat server in single physical box. While accessing these from a browser, when user switches between the applications, it results in logging out the user previously access application. This is because of JSESSIONID cookie conflict.

One possible solution is to run each applications in different context. Unfortunately, my applications will not work in context path setting as none of the resources are accessed with request.getContextPath() prepended in front.

This leaves me to change the name of cookie JSESSIONID to resolve the conflict. Is there a way to do this? If yes, how?

Hope I'm clear in stating my question.

Note: All my application are running in different port in the same machine.

How are you managing to run "multiple tomcat server" on the same ports as each other at the same time? — Harry Lime, May 18 '09 at 10:28

score 65 · Answer 1 · answered Jun 06 '14 at 12:18

65

Everything is much simpler with Servlet API 3.0.

Now you can configure it in your web.xml:

<session-config>
    <cookie-config>
        <name>MY_JSESSIONID_YAHOOOOOO</name>
    </cookie-config>
</session-config>

That's it!

answered Jun 06 '14 at 12:18

walv

2,680
3
31
36

3

the best answer! – x4k3p Dec 15 '17 at 13:58
I did use this configuration but, seems like it is not working all the time, because of that I asked my question here and got some other suggestion.https://stackoverflow.com/questions/54698948/renaming-jsessionid – smile Feb 17 '19 at 15:33
Does anyone have a solution to this in a Spring boot application? Would be a great help – Jawadh Salih Rifath Feb 12 '20 at 05:25
@JawadhSalihRifath in your application properties server.servlet.session.cookie.name= – CodeMonkey Feb 27 '20 at 20:44

score 18 · Answer 2 · answered Dec 08 '13 at 03:17

18

The following works for me on Tomcat7 in the context.xml file:

<Context path="/yourApp" sessionCookieName="custom_session_id">

answered Dec 08 '13 at 03:17

Joseph Lust

19,340
7
85
83

score 14 · Answer 3 · edited Nov 03 '13 at 07:55

14

By Using two following system properties this can be achieved with ease.

org.apache.catalina.SESSION_COOKIE_NAME
org.apache.catalina.SESSION_PARAMETER_NAME

Any value can be passed to above properties to change the default values.

Here complete details with some sample script is found.

edited Nov 03 '13 at 07:55

lkamal

3,788
1
20
34

answered Oct 28 '10 at 04:18

user489641

141
1
3

1

This does not work anymore for Tomcat7+. Now you can set it in the Context configuration, see @timkingman's answer. – Thilo May 13 '14 at 01:22
I did this on tomcat 6 , but still I am getting the same problem – Cork Kochi May 06 '16 at 11:30

score 12 · Answer 4 · answered May 25 '12 at 13:16

12

Tomcat 7 moves this from org.apache.catalina.SESSION_COOKIE_NAME to an attribute on the main <Context> config. http://tomcat.apache.org/migration-7.html#Session_manager_configuration

answered May 25 '12 at 13:16

timkingman

121
1
3

score 4 · Answer 5 · answered May 18 '09 at 12:23

4

I don't think it's possible at this point - see https://issues.apache.org/bugzilla/show_bug.cgi?id=42419

The last entry states "This has been fixed in 5.5.x and will be included in 5.5.28 onwards" - which is the next point release - 5.5.27 is the current release.

answered May 18 '09 at 12:23

Martin

1,328
8
11

Thanks for digging this out. Looks like only option left for me is to modify the existing tomcat source. The bug/feature report clearly states my exact requirement and solution. Thanks for the answer. – ramanr May 18 '09 at 12:58

matt b · Answer 6 · 2009-05-18T13:15:20.420

2

Not 100% sure if this will work, but you can use the jvmRoute attribute, which is generally used in a load-balanced/clustered environment for the load balancers to be able to tell the nodes apart. Example:

<Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">

This will end up generating a JSESSIONID value that looks like "ABCDEF123456.node1".

Documentation link.

edited May 18 '09 at 13:15

answered May 18 '09 at 12:56

matt b

138,234
66
282
345

This about the value of the cookie, not its name, right? – David Balažic Apr 13 '15 at 10:01

score 0 · Answer 7 · answered Sep 11 '20 at 10:33

0

I found it in Tomcat at /tomcat/conf/server.xml

server.xml

<Engine name="Catalina" defaultHost="localhost" jvmRoute="instanceName">

5D33F755D8D75EF7C8E840.instanceName

answered Sep 11 '20 at 10:33

Nilesh

1,013
14
21

score 0 · Answer 8 · answered Jan 21 '22 at 15:57

    final SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
    sessionCookieConfig.setSecure(true);
    sessionCookieConfig.setHttpOnly(true);
    // Set __Host- prefix
    sessionCookieConfig.setName("__Host-JSESSIONID");

Changing cookie JSESSIONID name

8 Answers8

Linked