jump to navigation

Follow up: The Solution December 13, 2007

Posted by Phill in Application Servers, General J2EE.
Tags: , , , , ,
comments closed

Quick follow up to my previous post. The problem was that there were multiple applications running on one domain – or at least, subdomains.

So, on http://www.domain.com, there was one application (= one JSESSIONID cookie).

Our application was running on subdomain.domain.com, using its own JSESSIONID cookie.

The problem came because the cookie being issued by http://www.domain.com was actually sending the cookie domain as ‘domain.com’ — unfortunately this means that all subdomains share the same cookie.

In Internet Explorer, if you browse to a website: subdomain.domain.com, it will send its own JSESSIONID cookie.. unfortunately, Internet Explorer will then (next request) send two JSESSIONID cookies back: one for domain.com, and one for subdomain.domain.com. This basically means that WebLogic gets confused, and generates a new session cookie… and so on.

So, to summarise, Internet Explorer was the cause of all our problems :p

The solution was to use the weblogic.xml deployment descriptor to change the cookie name: