How to change jsessionid cookie path to server root in Spring app on Jetty?
Attempt #4 is on the right track.
Providing I am reading this right, you're using the Maven configuration on the context /app, which means in your web.xml the / in your settings is /app, because that is the root of the context you're configuring.
Put another way, you can't configure the session for www.foo.com/ if you are only deploying into the www.foo.com/app context. Imagine if someone else were deploying apps into that URL: you can't just decide to make your session cookies apply to everyone operating under that URL.
Comments
-
Tauren over 2 years
I have a Jetty server running a Spring app on the /app context. The app uses sessions, so it sets a session cookie, which responds like this:

    set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/app; HttpOnly

I need that cookie to have a path of / instead of the webapp's context. Plus I want to use secure cookies. I want this response:

    set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/; HttpOnly; Secure

Where is the proper place to configure the session cookie? Does Spring help with this? Should it be in web.xml? Or do I need to configure it in a container-specific way, such as jetty-web.xml?
I've tried a bunch of things, but nothing has worked so far. Below are some things I tried.
Attempt #1
Created WEB-INF/jetty-web.xml with the following:

    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
      <Get name="sessionHandler">
        <Get name="sessionManager">
          <Set name="sessionCookie">MYJETTYSESSION</Set>
          <Set name="sessionPath">/</Set>
          <Set name="secureCookies" type="boolean">true</Set>
          <Set name="httpOnly" type="boolean">true</Set>
        </Get>
      </Get>
    </Configure>

This causes an exception to be thrown:

    2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Set name="sessionPath">/</Set> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
    2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
    2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionHandler"><Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get></Get> java.lang.NoSuchMethodException: class

The full stack trace is in this gist.
Attempt #2
Created WEB-INF/jetty-web.xml with the following:

    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
      <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionCookie</Arg>
        <Arg>MYSESSIONID</Arg>
      </Call>
      <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionIdPathParameterName</Arg>
        <Arg>mysessionid</Arg>
      </Call>
      <Call name="setInitParameter">
        <Arg>org.eclipse.jetty.servlet.SessionPath</Arg>
        <Arg>/</Arg>
      </Call>
    </Configure>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.
Attempt #3
Updated WEB-INF/web.xml with the following:

    <context-param>
      <param-name>org.eclipse.jetty.servlet.SessionPath</param-name>
      <param-value>/</param-value>
    </context-param>
    <context-param>
      <param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
      <param-value>MYSESS</param-value>
    </context-param>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.
Attempt #4
Updated WEB-INF/web.xml with the following:

    <session-config>
      <session-timeout>720</session-timeout>
      <cookie-config>
        <name>SZSESSION</name>
        <path>/</path>
        <http-only>true</http-only>
        <secure>true</secure>
      </cookie-config>
    </session-config>

This does not cause any exception, but the cookie is still JSESSIONID and contains the webapp context path /app.
Maven configuration
Note that I'm using Jetty Maven Plugin version 8.1.5.v20120716 and doing a mvn jetty:run:

    <jetty.maven.plugin.version>8.1.5.v20120716</jetty.maven.plugin.version>
    <spring.version>3.0.0.RELEASE</spring.version>
    ...
    <plugin>
      <groupId>org.mortbay.jetty</groupId>
      <artifactId>jetty-maven-plugin</artifactId>
      <version>${jetty.maven.plugin.version}</version>
      <configuration>
        <scanIntervalSeconds>10</scanIntervalSeconds>
        <reload>manual</reload>
        <stopPort>${jetty.stop.port}</stopPort>
        <stopKey>foo</stopKey>
        <webAppConfig>
          <contextPath>/app</contextPath>
        </webAppConfig>
      </configuration>
      ...
    </plugin>

-
Parth Patel about 6 years
I tried Attempt #4 but the cookie is still JSESSIONID. So please suggest how you solve your problem.
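
A check for the response header while trying the configurations above, as an added example that is not part of the original question, answer or comment: it parses a set-cookie line, reports missing Secure/HttpOnly flags and, using the RFC 6265 path-match rule, whether the cookie path reaches beyond the /app context (the concern the answer raises about other apps on the same host). The function names and finding labels are assumptions made for this example; the two sample headers are the ones quoted in the question.

```python
from http.cookies import SimpleCookie

# The two response headers quoted in the question (current and wanted).
CURRENT = "set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/app; HttpOnly"
WANTED = "set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/; HttpOnly; Secure"


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4: would a request for request_path carry the cookie?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def audit_session_cookie(header_line, context_path):
    """Return (cookie name, findings) for one set-cookie response line.

    Finding labels are hypothetical names chosen for this example.
    """
    jar = SimpleCookie()
    jar.load(header_line.partition(":")[2].strip())
    if not jar:
        raise ValueError("no cookie parsed from: " + header_line)
    name, morsel = next(iter(jar.items()))
    findings = []
    if not morsel["secure"]:
        findings.append("no-secure")            # may travel over plain HTTP
    if not morsel["httponly"]:
        findings.append("no-httponly")          # readable from page scripts
    path = morsel["path"]
    if path and not path_matches(context_path, path):
        findings.append("not-sent-to-context")  # the app never sees its own cookie
    elif path and path != context_path:
        findings.append("wider-than-context")   # other apps on the host receive it
    return name, findings


if __name__ == "__main__":
    for label, line in (("current", CURRENT), ("wanted", WANTED)):
        print(label, audit_session_cookie(line, "/app"))
```

Run against the header the server actually returns after each configuration change; a renamed cookie (MYSESS, SZSESSION) shows up in the returned name, so the same call confirms whether a setting was picked up at all.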