Per the Java Servlet Specification (SRV.7.1.1):
"The name of the session tracking cookie must be JSESSIONID."
However, there are some use cases where it may be a practical option to use a different session cookie name. For example:
1) WebLogic migrations where application code depends on a non-standard session cookie name. The session cookie name is configurable in WebLogic.
2) Use cases not solved by the emptySessionPath connector attribute, which sets the cookie path to "/" and causes session ids to be propagated across all subdomains. This is the normal use case for single sign-on. However, there may be use cases where select groups of subdomains are validated against different stores.
Description
Per the Java Servlet Specification (SRV.7.1.1):
"The name of the session tracking cookie must be JSESSIONID."
However, there are some use cases where it may be a practical option to use a different session cookie name. For example:
1) WebLogic migrations where application code depends on a non-standard session cookie name. The session cookie name is configurable in WebLogic.
2) Use cases not solved by the emptySessionPath connector attribute, which sets the cookie path to "/" and causes session ids to be propagated across all subdomains. This is the normal use case for single sign-on. However, there may be use cases where select groups of subdomains are validated against different stores.
Feature Request
Resolved
Major
Configurable JSESSIONID Cookie Name
