WebLogic Does Not Handle Duplicate Session Cookies
(Doc ID 2059618.1)
Last updated on AUGUST 17, 2023
Applies to:
Oracle WebLogic Server - Version 10.3.4 to 12.1.2.0.0Information in this document applies to any platform.
Symptoms
Below is a scenario for multiple JSESSIONIDs:
- WebLogic Server (WLS_1) hosting a application (APP1), with default session cookie name (JSESSIONID), on host1.domain
- WebLogic Server (WLS_2) hosting an application (APP2), with default session cookie name (JSESSIONID), on host2.domain
- When the user accesses host1.domain/APP1, a session cookie set like (COOKIE1): Name: JSESSIONID -- Value:<JSESSIONID1>... -- Domain: host1.domain -- Path: / is generated.
- When the user accesses host2.domain/cs, a session cookie set like (COOKIE2): Name: JSESSIONID -- Value: <JSESSIONID2>... -- Domain: host2.domain -- Path: / is generated.
- Firefox or Chrome will only send the cookie with the best matching path to the WebLogic Server. -> No Problem.
- Internet Explorer (IE) (any version) will send both cookies to the WebLogic Server. -> User ends up in a infinite loop.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |