Jakub S.
Reputation: 628
Changing the JSESSIONID cookie name to something else with Spring Boot Security
I would like to change the name of the JSESSIONID cookie to something else to make it more difficult for potential attackers to guess what technology my application is using.
Is this possible in Spring Boot with Spring Security? I've been able to find solutions for Spring Boot with Spring Session but none that would work without the Session extension (which I'm not using).
Upvotes: 2
Views: 5677
Answers (2)
0gam
Reputation: 1423
You can change cookie name in your application.yml
Like this :
server:
servlet:
session:
cookie:
name: TEST_JSESSIONID
or
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("TEST_JSESSIONID");
serializer.setCookiePath("/");
serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$");
return serializer;
}
https://docs.spring.io/spring-session/docs/current/reference/html5/guides/java-custom-cookie.html
Upvotes: 2
Spectric
Reputation: 31997
You can configure it in your web.xml like so:
<session-config>
<cookie-config>
<name>cookie name</name>
</cookie-config>
</session-config>
Upvotes: 1
Related Questions
- Renaming JSESSIONID
- Changing cookie JSESSIONID name
- How to remove JSESSIONID from cookies?
- How to set cookie domain and path with Spring boot
- Remove JSESSIONID cookie from Spring Application
- Modify JSESSIONID cookie in request headers
- Updating JSESSIONID cookie value
- how to set JSESSIONID cookie as secure using Spring security 2 and Apache Tomcat 7 setting
- How to have a custom cookie name in spring security
- JAVA Change JSESSIONID cookie