Two applications on the same server use the same JSESSIONID

Question

(I am using spring-security and tomcat 6)

I have two applications A and B which are running on the same server. I have a situation which I am unable to solve.

When I log in the A application, JSESSION takes a new value, say v-a.
(This might be irrelevant, but might be good as well: As I am using spring security and I have enabled the session-migration, every time I request for the index page, a new value will be assigned to JSESSIONID)

Then I request for B application. The request goes with JESSIONID = v-a, and the JSESSIONID takes a new value, say v-b. (most probably because of session-migration the old value is replaced with the new one).

Now when I want to use A application, the requests goes with JESSIONID = v-b! Which means that these two applications are using the same session? And the nasty thing about it is that I am thrown away from the first application and have to log in again...

This only happens when they both use the same IP. I have logged in the very same two applications with different IPs with no problem.

Any help would be appreciated. If you need extra information, just let me know.

Answer 1

Here is the complete details:

Application A uses localhost:8080/dtts/dtts/a
Application B uses localhost:8080/dtts/dtts/b

For every URL/Path a cookie with name JSESSIONID is set. For both applications we have:
URL: localhost
Path: dtts (and the rest is ignored)

That's why the second cookie replaces the first one. Problem solved.