Reputation: 31
prevent generating new jsessionid?
greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.
Upvotes: 0
Views: 1876
Answers (1)
Reputation: 13819
Sounds like you're browser does not receive a valid JSESSIONID cookie (or is blocking it). You can check this by using Firefox with the webdeveloper plugin and check the cookies->view cookies information.
This can be caused by several things, for example: - you servlet server is behind a proxy and does not run on the same domain as you're website and thus creates cookies for a wrong domain (that thus are ignored by you're browser) - you're cookie path is incorrect and thus not available to the rest of the application.
Upvotes: 1
Related Questions
- Spring adds a JSESSIONID despite stateless session management
- Disable JSESSIONID conditionally in Spring-Boot-Web / Tomcat
- How does Spring Security handle JSESSIONID with various Session Creation and Session Fixation combinations?
- Stateless spring application - JSESSIONID still generated
- How to remove JSESSIONID from cookies?
- How can I prevent spring-security from appending ;jsessionid=XXX to login redirects?
- spring security oauth2 disable jsessionid based session
- Spring Security invalidates JSESSIONID when opening a new window
- Preventing re-use of jsessionid
- Why jsessionid is appended to each url?