OC4J JVM Routing Does not Work When JSessionId Cookie is Generated from Custom Filter
(Doc ID 1177103.1)
Last updated on FEBRUARY 13, 2024
Applies to:
Oracle Containers for J2EE - Version 10.1.3.4.0 and laterInformation in this document applies to any platform.
Archived and limited distribution, as the contents is overridden by Note 1586861.1: Security Advisory: Configure OC4J 10.1.3.5 Startup Option to Enable HTTPOnly for HTTP Session Cookie
Symptoms
Wanting to set the "secure" and "httponly" flags for the session cookie, a servlet filter like the following has been created:
This works quite well as long as the OC4J instance consists of only one process, but when running in a cluster with multiple processes/nodes, the" jvmroute"-information is not contained in the so-generated cookie, and thus the session is lost because the mod_oc4j cannot route to the correct OC4J node/process.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |