My Oracle Support Banner

WebLogic Does Not Handle Duplicate Session Cookies (Doc ID 2059618.1)

Last updated on AUGUST 17, 2023

Applies to:

Oracle WebLogic Server - Version 10.3.4 to 12.1.2.0.0
Information in this document applies to any platform.

Symptoms

 Below is a scenario for multiple JSESSIONIDs:
 
- WebLogic Server (WLS_1) hosting a application (APP1), with default session cookie name (JSESSIONID), on host1.domain
- WebLogic Server (WLS_2) hosting an application (APP2), with default session cookie name (JSESSIONID), on host2.domain
- When the user accesses host1.domain/APP1, a session cookie set like (COOKIE1): Name: JSESSIONID -- Value:<JSESSIONID1>... -- Domain: host1.domain -- Path: / is generated.
- When the user accesses host2.domain/cs, a session cookie set like (COOKIE2): Name: JSESSIONID -- Value: <JSESSIONID2>... -- Domain: host2.domain -- Path: / is generated.

- Firefox or Chrome will only send the cookie with the best matching path to the WebLogic Server. -> No Problem.

- Internet Explorer (IE)  (any version) will send both cookies to the WebLogic Server. -> User ends up in a infinite loop.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.