How to have a custom cookie name in spring security

Question

I have two applications A and B which are running on the same server, with different ports. As cookies are not port-specific, these two applications are using the same cookie JSESSIONID. When I log in to one of them, I get kicked out from the other.

So I need to modify the cookie name for each of these applications. How can I have a custom cookie name? If it helps, I am using spring security.

---

Problem Solved
As Michael pointed out, I did not need to change the JSESSIONID name at all. Both applications use the same URL/Path and that's why the second cookie replaces the first one.

Answer 1

You should not change the name of the JSESSIONID cookie. The cookies are not port specific but they are application path specific. The default behavior is to set the JSESSIONID cookie according to the application path and the cookie from one application should not interfere with the cookie of the second application. I take spring-security-samples-contacts-3.1.0.RELEASE.war and copy it twice to the webapp folder of the same server: test.war and contacts.war. I have opened both application in the same browser. I use Fiddler and I see the following: When I login to the contacts application Tomcat set cookie to path contacts:

Set-Cookie: JSESSIONID=408F79D16A8665C73F5C30D66B102DA6; Path=/contacts/; HttpOnly

Similar with the test application:

Set-Cookie: JSESSIONID=ECAE9734E9A277F1E96D678BB67E558B; Path=/test/; HttpOnly

Then, I can work on both applications in the same time without a problem