WebLogic Does Not Handle Duplicate Session Cookies (Doc ID 2059618.1)

Last updated on AUGUST 01, 2016

Applies to:

Oracle WebLogic Server - Version 10.3.4 to 12.1.2.0.0
Information in this document applies to any platform.

Symptoms

 Below is a scenario for multiple JSESSIONIDs:
 
- WebLogic Server (WLS_1) hosting a application (APP1), with default session cookie name (JSESSIONID), on mycompany.com.
- WebLogic Server (WLS_2) hosting an application (APP2), with default session cookie name (JSESSIONID), on wcc.mycompany.com.
- When the user accesses mycompany.com/APP1, a session cookie set like (COOKIE1): Name: JSESSIONID -- Value: dsf4RRF... -- Domain: mycompany.com -- Path: / is generated.
- When the user accesses wcc.mycompany.com/cs, a session cookie set like (COOKIE2): Name: JSESSIONID -- Value: asD34d... -- Domain: wcc.mycompany.com -- Path: / is generated.

- Firefox or Chrome will only send the cookie with the best matching path to the webLogic Server. -> No Problem.

- Internet Explorer (IE)  (any version) will send both cookies to the WebLogic Server. -> User ends up in a infinite loop.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms