Follow up: The Solution December 13, 2007Posted by Phill in Application Servers, General J2EE.
Tags: internet explorer, JSESSIONID, multiple session cookies, session cookies, session ids, weblogic
Quick follow up to my previous post. The problem was that there were multiple applications running on one domain – or at least, subdomains.
So, on http://www.domain.com, there was one application (= one JSESSIONID cookie).
Our application was running on subdomain.domain.com, using its own JSESSIONID cookie.
The problem came because the cookie being issued by http://www.domain.com was actually sending the cookie domain as ‘domain.com’ — unfortunately this means that all subdomains share the same cookie.
In Internet Explorer, if you browse to a website: subdomain.domain.com, it will send its own JSESSIONID cookie.. unfortunately, Internet Explorer will then (next request) send two JSESSIONID cookies back: one for domain.com, and one for subdomain.domain.com. This basically means that WebLogic gets confused, and generates a new session cookie… and so on.
So, to summarise, Internet Explorer was the cause of all our problems :p
The solution was to use the weblogic.xml deployment descriptor to change the cookie name:
<session-descriptor> <session-param> <param-name>CookieName</param-name> <param-value>MYJSESSIONID</param-value> </session-param> </session-descriptor>