0

(I am using spring-security and tomcat 6)

I have two applications A and B which are running on the same server. I have a situation which I am unable to solve.

When I log in the A application, JSESSION takes a new value, say v-a.
(This might be irrelevant, but might be good as well: As I am using spring security and I have enabled the session-migration, every time I request for the index page, a new value will be assigned to JSESSIONID)

Then I request for B application. The request goes with JESSIONID = v-a, and the JSESSIONID takes a new value, say v-b. (most probably because of session-migration the old value is replaced with the new one).

Now when I want to use A application, the requests goes with JESSIONID = v-b! Which means that these two applications are using the same session? And the nasty thing about it is that I am thrown away from the first application and have to log in again...

This only happens when they both use the same IP. I have logged in the very same two applications with different IPs with no problem.

Any help would be appreciated. If you need extra information, just let me know.

Improve this question
2
  • I think that Fiddler trace will help to understand what is the problem. You can attach it to the question :) Commented May 28, 2013 at 10:35
  • In particular look at the path attributes of your session cookies. Commented May 28, 2013 at 10:51

1 Answer 1

Reset to default
2

Here is the complete details:

Application A uses localhost:8080/dtts/dtts/a
Application B uses localhost:8080/dtts/dtts/b

For every URL/Path a cookie with name JSESSIONID is set. For both applications we have:
URL: localhost
Path: dtts (and the rest is ignored)

That's why the second cookie replaces the first one. Problem solved.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.