tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Endre StĂžlsvik <>
Subject Re: Changing session-cookie(JSESSIONID) name in tomat
Date Mon, 23 Aug 2004 17:21:53 GMT
On Mon, 23 Aug 2004, Dineshram Villuri wrote:

| I have two applications running on different tomcats in the same physical
| box. Both applications use the same authentication mechanism (wherein when 2
| users are logged in with the same username the earlier one is kicked
| out/logged off). At any time there should be only one user logged in with
| the same user name. Though both these use the same mechanism they are 2
| independent application but for some weird reasons should run on the same
| box.
| Now we understand that the problem is with the cookie-name JSESSIONID. Since
| both the applications are having the same cookie name(JSESSIONID) if one
| user logs on into app1 and an other one is logged on to app2(diff tomcat)
| with the same username the earlier one is kicked out.
| We are facing this problem only when 2 tomcats are running on the same box.
| When they are running on different boxes it works fine but we have to run
| them on the same box for other reasons.
| Can someone please point me to a different solution (if available) in case
| JSESSIONID cannot be changed?

You could use virtual hosts - tell your users that the first application
is found at, while the other application is found at Then use DNS to configure these two names to be the
same IP, either using A records, or CNAMEs.

But I also have difficulties with understanding the problem, as the cookie
should also have the "pathname" of the application within its data. That
is, a browser sends different cookies to than to But you have a problem if you have put your
application as the ROOT webapp, since you then get The
cookie from this ROOT webapp will then override all the other cookies, I
believe.. Or was it the other way, that the most specific cookie is sent
along? See, I don't remember.. But check this out..


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message