Announcement Announcement Module
Collapse
No announcement yet.
Who defines JSESSIONID in spring security and how is it done? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Who defines JSESSIONID in spring security and how is it done?

    Hi.
    i am using spring security on top of a application which is based on tomcat. there is an apache proxy in between
    the clients and tomcat. all clients goes to the same proxy.
    I am trying to understand who creates the JSESSION ID cookie on the request.
    for some reason when 2 clients on the same browser send a request to the
    tomcat the spring security defines the same jsession id for them.

    Any idea why this might happen? what distinguishes between one session id and the other.
    Please note that this does not happen when i don't have a proxy.

    Thanks

  • #2
    The cookie is created by the servlet container, in your case tomcat.
    Current browsers share sessions between all windows. If you do not want this just use chrome for session 1 and firefox for session 2.

    Comment

    Working...
    X