How can I change the session name of a certain WAR

 
Greenhorn
Posts: 23
Hi,
Is it possible to change the session name (JSESSIONID into NEWSESSIONID) of a web container in the application server (Tomcat 6)? I do not want to change the session name of every web container on the app server - I want to do this for a certain WAR.

thanks Michael


 
Saloon Keeper
Posts: 27762
You really shouldn't be messing around with the sessionid stuff at all. It isn't yours and it isn't the application's. It belongs to the server.
 
Author and all-around good cowpoke
Posts: 13078

micha koern wrote: Hi,
Is it possible to change the session name (JSESSIONID into NEWSESSIONID) of a web container in the application server (Tomcat 6)? I do not want to change the session name of every web container on the app server - I want to do this for a certain WAR.

thanks Michael




Note that a session ID is unique/attached to a single user / application combination. Each user of that application will get a separate ID.

I suppose you could grab all the information in session A, use invalidate() to make the system drop it, then get a new session and replace the information.

Note that the actual session ID would be generated by the container - like Tim said, you should let the container handle actual ID values.

If you could manage a coherent explanation of why you need this, I imagine other solutions will be suggested.

Bill
 
Tim Holloway
Saloon Keeper
Posts: 27762
Actually, Bill, what Micha really asked was how to change the URL appendage (and possibly cookie name) from the stock "jsessionid" to "NEWSESSIONID".

Since the primary usage of that particular request decoration is to be consumed by the server - which may or may not have gotten around to figuring out which webapp is being selected at the point where the sessionID is determined. In any event, it's not something to mess around with for the sheer vanity of it.

Also, in case there are people who haven't heard yet, the actual session ID is NOT invariant. For example, when Tomcat switches from HTTP to HTTPS, a new session ID is created and the old session ID is deleted from the Tomcat session cache. The user's session object remains, but now it can only be addressed via the new session ID. This is to prevent hackers from using a publicly known session ID to gain access to a secured session. The secured session ID is transmitted under TLS encryption and is therefore known only to client and server, unlike the non-TLS session ID, which can be sniffed off the network.
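
The invalidate-and-copy approach Bill describes, written against the Servlet 2.5 API that Tomcat 6 implements; after it runs, the old session ID no longer addresses anything, which is the effect Tim describes. This is an added example, not code from any poster in the thread, and the class name `SessionRotation` and method `rotate` are hypothetical.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical helper (names are not from the thread or from Tomcat).
public final class SessionRotation {
    private SessionRotation() {}

    /**
     * Gives the caller a fresh, container-generated session ID while keeping
     * the session's attributes. Call it at a privilege boundary (for example
     * right after a successful login) and before the response is committed,
     * otherwise the container cannot send the new session cookie.
     */
    public static HttpSession rotate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old == null) {
            // Nothing to carry over; just let the container create a session.
            return request.getSession(true);
        }

        // Copy attributes out first: invalidate() unbinds every attribute.
        Map<String, Object> saved = new HashMap<String, Object>();
        Enumeration<?> names = old.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            saved.put(name, old.getAttribute(name));
        }
        int maxInactive = old.getMaxInactiveInterval();

        // The old ID stops being valid here, so a value that was fixed by,
        // or leaked to, a third party is useless from this point on.
        old.invalidate();

        // The container, not the application, chooses the new ID.
        HttpSession fresh = request.getSession(true);
        fresh.setMaxInactiveInterval(maxInactive);
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

Attributes that implement `HttpSessionBindingListener` receive `valueUnbound` on `invalidate()` and `valueBound` again when copied into the new session. On containers implementing Servlet 3.1 or later, `HttpServletRequest.changeSessionId()` rotates the ID without the copy.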
 