Vgo Software

« It's all about exit speed | Main | Deploying Tomcat on Amazon's EC2 Cloud Service »
Wednesday
Nov052014

The importance of naming your cookies

Cookies are old hat for many of us, in use in all types of applications.  What you might not realize is that many Java frameworks, including ADF will by default use the same cookie name for the session identification.  This is all well and good if only one such application is using that domain, but if multiple ADF applications are sharing the same domain, they can clobber each other's sessions.

Once client encountered this when a user started reporting their application session timing out after what seemed to be really short periods of time.  It turned out to be two ADF applications that were using the default names for their cookies (JSESSIONID). 

Thankfully, in Weblogic, this is easy to fix.  In JDeveloper, you can open the weblogic.xml file in your ViewController project and click on the session section on the left hand side.  Open the Cookies panel and provide a Cookie Name, save this file and you are all set.

The source would look like this:

<session-descriptor>

   <cookie-name>mycookie</cookie-name>

</session-descriptor>

That's all there is to it.

BTW, we encountered this again when deploying a couple older ADF applications in a clustered environment.  If we used the apache weblogic plugin to do load balancing we were encountering some strange issues.  It turns out that unless you supply a cookie name for the plugin, it also uses JSESSIONID and one of the older applications that hadn't been udated with a cookie name was overwriting it, causing our session to be lost and our browser could no longer reach the application.  It kept receiving timeout notices.  Adding a cookie name in the configuration fixed the problem.

Lesson learned: never underestimate the value of naming your cookies!

 

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>